Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
Northwest Network (VISN 20)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on December 26, 2012. Also cited in 208 other reports.
Report ID: PSETS0000084050, U.S. Department of Veterans Affairs
Reported Entity: VISN 20 Seattle, WA
Issue:
On 12/4/12, a dermatologist mislaid a spare SD card for the dermatology camera (dermatologist believes she put it in camera case but at end of day there was no SD card in the case). On 12/21/12, a patient came to the dermatology clinic and turned in the SD card stating the dermatologist had given it to him (per 2nd hand report, he had the card in a card reader). The SD card was blank at that time. The dermatologist believes she had two days worth of images on the card when she had it. The chief of the section will be contacting the patient to discover more information (such as did he take images off of it, etc.). The chief has been counseled on prompt reporting of incidents, as this should have been reported on the 4th. Dermatology images are required to have full SSN on each image for patient safety. The Information Security Officer is confirming that this was the case for these images. The service is also compiling the names of the patients from the two days the dermatologist believes there should be images. Update: 12/27/12:The dermatologist believed the SD card contained two days worth of images which would be between 12 and 20 patients. They are attempting to compile a list of Veterans to determine who is identified on the card. The patient claimed the doctor gave him the card, however, the doctor states she put it in the camera case.The Privacy Officer has been unable to contact the patient who had the card. The dermitoloty department has been able to identify five patients whose image were on the card. Five Veterans will be sent a letter offering credit protection services.
Outcome:
All staff have been trained in the correct procedures to handle SIM cards and physical protection requirements of portable media. The patients have been notified by letter by the Privacy Officer.