Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
South Central VA Health Care Network (VISN 16)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on April 30, 2012. Also cited in 317 other reports.
Report ID: SPE000000074842, U.S. Department of Veterans Affairs
Reported Entity: VISN 16 Fayetteville, AR
Issue:
Envelopes that had Veterans' address labels on them were mailed out with different Veterans' names and addresses on the letters inside. All letters seem to come from the Fort Smith Community Based Outpatient Clinic (CBOC) but were addressed to Veterans at the Mount Vernon CBOC. The Privacy Officer (PO) has not determined exactly how many Veterans are involved. Update: 05/07/12:This may involve 500 Veterans. The data that was involved is full name, appointment time, appointment clinic, home address, and last four digits of the SSN. An exact count is being made. The mailroom was doing a mass mailing of Women Veterans Day flyers and accidently mailed out appointment letters in the pre-labeled envelopes addressed to the women Veterans.05/08/12:The Privacy Officer reports the new estimate to be between 350 and 400 individuals involved. The final count is expected by 05/10/12.05/10/12:There were a total of 362 appointment letters that went out to the wrong addresses. Of those, 72 were returned unopened. The appointment did not include either full SSNs or dates of birth. The 290 Veterans will be sent letters of notification.
Outcome:
The PO re-educated the mail room staff on the importance of ensuring that the correct letter is placed in the correct envelope. The HIPAA notification letters were mailed on 05/29/12.