Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Southeast Network (VISN 7)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on March 10, 2011. Also cited in 225 other reports.
Report ID: SPE000000059408, U.S. Department of Veterans Affairs
Reported Entity: VISN 07 Birmingham, AL
Issue:
Veteran A's wife contacted the Birmingham VAMC to report another Veteran (Veteran B) contacted her yesterday. Veteran B told Veteran A's wife that she had received a letter from the BVAMC. When the letter was opened, Veteran A's information was on the letter. Veteran A's wife contacted the BVAMC this morning to report the issue. The Privacy Officer (PO) has contacted Veteran A's wife . The PO has also left a message with Veteran B (the Veteran who received the letter) to return a call. The PO will attempt to retrieve the original letter to determine what information is at risk. Update: 03/15/11:The letter contained Veteran A's name, medical information, and full SSN. Veteran A will receive a letter offering credit protection services.
Outcome:
BVAMC employee placed a consult sheet in the wrong envelope and sent to the wrong patient. The documents were returned to the facility. Notification letter has was sent on March 25, 2011. A copy of the redacted letter is attached. The employee is required to re-take Privacy and Privacy/Info Sec/Rules of Behavior and send a note to the PO upon completion.