Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA New England Healthcare System (VISN 1)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on May 19, 2011. Also cited in 204 other reports.
Report ID: SPE000000062740, U.S. Department of Veterans Affairs
Reported Entity: VISN 01 White River Junction, VT
Issue:
During a criminal investigation of a stolen supervisor/employee record from one of our CBOC's, it was established that the local AFGE had received a folder of documents from one of our staff member\xe2\x80\x99s spouse. This folder contained documents of differing types with protected health information (PHI). These documents were Progress Notes, Physical Therapy Summary Evaluation, Letters to Patients, Health Evaluation, Clinic Routine Slip. Other documents given to the Privacy Officer (PO) and Information Security Officer (ISO) of the same type were blacked out after being received by the Spouse. This action caused the information to be outside of VA control. It is undetermined if any information was breached on those documents. The PO contacted the employee by letter requesting return of all documents in her possession for proper disposition. During the police interview, the employee complied with the letter and turned over four documents to the VA Police Chief. The returned documents were retrieved from her vehicle and contained PHI and personally identifiable information (PII) of 7 Veterans. Although during her interview with the Police the employee stated she had no more patient information, at this time criminal and administrative investigations are continuing to validate this is true. Update: 05/27/11: Reportedly the employee has given all PHI taken from the VA to the Chief of the VA Police and those documents are now secure. A total of 12 Veterans were affected by this breach. The PO will submit a report to HR and the service line to recommend disciplinary action. Once the ticket is updated to pending credit monitoring the letters will be prepared and promotional codes requested. 06/07/11: The information at risk included the Veterans' name, full SSN, date of birth and PHI. The 12 Veterans will receive a letter offering credit protection services.
Outcome:
The Union President and the Employee Relations Specialist were provided training and awareness from both the ISO and The PO on their responsibilities when and individual attempts to submit PHI for Union or HR evidence files. They have both agreed to contact the ISO and PO in the future. Currently there is a proposal submitted by the Supervisor to terminate the employee responsible to remove for these and other reasons.