Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Mid South Healthcare Network (VISN 9)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on March 28, 2012. Also cited in 328 other reports.
Report ID: SPE000000073452, U.S. Department of Veterans Affairs
Reported Entity: VISN 09 Memphis, TN
Issue:
One of our contract CBOCs received a package from USPS Mail Recovery Center that contained two manila envelopes. Inside the manila envelopes were smaller envelopes which contained signed forms VA patients are submitting to request release of their medical records from the medical center. All the forms were put together in one smaller envelope with just the name of the recipient department written on it. The second package was a disability claim voucher on a VA patient. This was also put into a smaller envelope with the name of the recipient department written on it. The two envelopes were mailed as a package to the Memphis VAMC. The package was successfully delivered to the Mailroom for distribution to the intended recipient departments. For a reason that cannot be explained by the contract CBOC, the two smaller envelopes were metered for outgoing mails and were delivered to the USPS Mail Recovery Center for identification and re-routing to original sender. In order to do this, the USPS personnel opened the two smaller envelopes to identify original sender's address. The contract CBOC disclosed to PO that the two envelopes contain information on 17 VA patients which includes PII such as their full names, full SSN, Address, etc. Update: 03/29/12:Seventeen Veterans will be sent letters offering credit protection services.
Outcome:
This incident was investigated with facility Mail Room staff. PO learned that the Mail Room processes large volume of letters and other correspondence on each given day, and so it was difficult identifying the reason that led to the incident. However, the Supervisor of the Mail Room has resolved to retrain all staff in mail handling process to ensure that this type of incident does not happen again in the future. It is believed that the Veterans PII such as full name, SSN, and mailing address may have been compromised as a result of this incident. PO has uploaded a redacted copy of the CM Letters in PSETS.