Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
Northwest Network (VISN 20)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on January 27, 2011. Also cited in 208 other reports.
Report ID: SPE000000057593, U.S. Department of Veterans Affairs
Reported Entity: VISN 20 Boise, ID
Issue:
One of the Director's secretaries received a call from a business stating that they had received a faxed report that contained the names, SSN, appointment information, etc. for 30+ Veterans from our ENT clinic. The caller stated that he is a Veteran also that he will shred the fax. The PO called and left a voicemail message to ask that he mail it back to the PO for assurance of destruction. Update: 01/27/11:The PO went to the Clinic to determine what took place. The PO spoke with the employee who had just found out from her supervisor of the error. The employee stated that weekly she faxed the appointment list to the physician's private office each week so they physician can see whatpatients and procedures he will have when he comes to the VA. That morning when she initially faxed she received a beeping noise and no confirmation so she immediately refaxed the list and this time she received a confirmation. The list did not have a fax cover sheet as required as the employee was out of them. The PO discussed the process and the need to verify the telephone number entered and having a cover sheet on all faxes. The employee will talk with the physician when he comes to the clinic to see if he will accept only a total number of visits for the day and the name of the procedure to be done (not names). 01/28/111:The PO spoke with the Veteran who stated that he immediately shreddded the document after contacting the VA. The thirty Veterans will receive a letter offering credit protection services.
Outcome:
Investigation information being sent to Human Resources and employee's supervisor for appropriate action. Type of action taken is unknown to the Privacy Officer. Education training was done during the interview process by the Privacy Officer. Employee worked with physician the day after incident to set up a process that would eliminate the faxing of personal identifiable information. The process went into effect immediately.