Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Mid South Healthcare Network (VISN 9)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on October 5, 2012. Also cited in 328 other reports.
Report ID: SPE000000080924, U.S. Department of Veterans Affairs
Reported Entity: VISN 09 Memphis, TN
Issue:
An RN reported to PO that a patient had been discharged from the hospital and taken home with information pertaining to another VA patient. Complainant stated she was about to chart on an ambulatory surgical patient. She discovered that patient was entered into Endoworks medical device incorrectly - that is another VA patient full name and full SSN was used to enter this patient into the medical device. After completion of his colonoscopy surgery, patient received copy of Endoworks patient procedure report and standard discharge instructions bearing another VA patient name and SSN. Patient took information home right away. The RN researched into this incident and was able to identify both patients in the CPRS. RN also noted since this patient was entered into Endoworks incorrectly, there was no CPRS moderate sedation discharge information entered because there was no information in the Endoworks available and bears his full name and SSN. PO currently contacting patient to request for the information to be brought back to the VA. Update: 10/05/12:Veteran A will be sent a letter offering credit protection services.
Outcome:
Employee who is involved in this incident has been counseled by his supervisor to be very cautious when entering information into Endoworks for colonoscopy procedure. Privacy Officer is requesting employee to review and sign VA National Rules of Behavior as way to re-educate him of VA's culture to protect sensitive personal information at all times.PO determined that PII such as full name and full SSN may have been compromised as a result of this incident. Scanned copy of Credit Monitoring letter has been uploaded into PSETS. Original copy of CM Letter has been mailed to patient. This incident is considered closed as of 10/25/2012.