Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Southeast Network (VISN 7)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on September 6, 2012. Also cited in 225 other reports.
Report ID: SPE000000079910, U.S. Department of Veterans Affairs
Reported Entity: VISN 07 Charleston, SC
Issue:
Privacy Officer (PO) received call from staff physician and researcher regarding missing files. At this point it is known that nine (9) case studies cannot be located. Facility staff are looking throughout the hospital and contacting employees not presently on station. PO requested a write-up of the situation once it is idetermined the files cannot be located. Update: 09/10/12: Privacy Officer informed on Friday that it is now ten (10) case reports missing. VAMC staff made a thorough search of the premises for the files but they are still missing. Employees are trying to contact the study coordinator who recently left the VAMC for a position in the private sector. VA police are still investigating and preparing their report. PO will obtain a copy of the police report once it is completed. PO informed this research involved a drug for PTSD and was affiliated with DOD. letters offering credit protection services will be sent to 10 Veterans. 09/18/12: After completing a final count. The number of letters to Veterans will be 15.
Outcome:
Although there is no proof as to what happened to the Research files, there is always speculation. Research staff have been instructed to make sure all the files are contained in a secure location, i.e. locked desk drawer and/or filing cabinet, within locked office. Any employee leaving the Research study will turn over their case files and data for review prior to checking out. Turnover should be given to the researcher assuming the study. VA police at the facility investigated and sent report on to VAOIG. Also the Office of Security and Law Enforcement (OS&LE) were apprised but no further action was deemed warranted by either security agency. The IRB will issue a response next week and ORO has been kept informed and we are awaiting notification from them as to what may or may not be forthcoming. Since we are not sure exactly what happened to the files, it is hard to take corrective action other than keep the staff vigilant on the importance of protecting everyone's PHI and PII. This is the first time something like this has occurred at the hospital (so I was told).