Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
U.S. Department of Veterans Affairs
Reported a breach of medical information involving at least 500 people to the U.S. Department of Health and Human Services, Office for Civil Rights; the report was received on April 11, 2013. Also cited in 336 other reports.
Report ID: MO016, U.S. Department of Health and Human Services, Office for Civil Rights
Reported Entity: John J. Pershing VA Medical Center
Issue:
OCR opened an investigation of the covered entity (CE), John J. Pershing VA Medical Center, after the CE reported that its business associate (BA), Stress Laboratory, placed a box of unsecured protected health information (PHI) in an equipment storage room. The PHI included the names, social security numbers, diagnoses, and age of approximately 589 individuals. This breach incident involved a BA, and occurred prior to the September 23, 2013 compliance date. The BA employee involved in this matter separated from employment in 2012, and the BA was reorganized and has been incorporated into the CE. The CE provided breach notification to affected individuals, HHS, and the media. Substitute notification was provided through a posting on the CE's main website with a toll-free information number. The CE also offered one year of identity protection and credit monitoring services to affected individuals. As a result of this incident, the CE adopted a new policy that provides guidance to its staff regarding the handling of PHI. Additionally, the CE trained its employees on this new policy, and re-trained its employees on the Privacy, Security, and Breach Notification Rules. Finally, OCR obtained assurances that the CE implemented the corrective action listed above. \ \