Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Sunshine Healthcare Network (VISN 8)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on January 31, 2012. Also cited in 369 other reports.
Report ID: SPE000000071223, U.S. Department of Veterans Affairs
Reported Entity: VISN 08 San Juan, PR
Issue:
While conducting a routine sensitive patient record access review, the Information Security Officer sent an inquiry about access to a patient's record to a VA employee. The employee responded to the inquiry stating that she was not on duty when the patient's record was accessed. The employee's supervisor supported the employee's statement about not being on duty. Update: 02/06/12:The Information Security Officer (ISO) and the Privacy Officer (PO) are reviewing audit logs and comparing to the employee's work schedule to determine if the access occurred outside of the employee's work day. In the interim, the employee's password has been changed to mitigate the possibility of a compromised password.02/09/12:This was a policy violation, and no data breach is believed to have occurred.02/13/12:After clarification from the Privacy Officer (PO), Employee A accessed Employee B's record without a need to know and not in the course of her normal duties. Therefore, Employee B will receive a letter offering credit protection services.
Outcome:
User was instructed to change her password and was interviewed and briefed by the PO and ISO.