Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Heartland Network (VISN 15)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on July 8, 2011. Also cited in 149 other reports.
Report ID: SPE000000064555, U.S. Department of Veterans Affairs
Reported Entity: VISN 15 St Louis, MO
Issue:
The deceased Veteran A's daughter contacted the St. Louis VAMC claiming to have Veteran B's discharge instructions in her possession. She indicated that she would only return the documents if the VA was willing to forgive her father's medical bills and that she had contacted local news media. She contacted the Information Security Officer (ISO) at the Marion VAMC during the Privacy Officer's (PO) absence. She was asked to return the documents. To date, no documents have been returned to either the Marion VAMC or the St. Louis VAMC. No Release of Information (ROI) requests have been completed or received since August 2010 during which the request was only that a placard form be completed. Discharge instruction forms were verified in Vista Imaging as belonging to correct Veteran. NOTE: The decision was made to open this ticket despite the lack of evidence to support an actual incident. Update: 07/19/11: The Southern Illinoisan reporter contacted the facility Office of Public and Intergovernmental Affairs (OPIA) to verify information that he researched on the HIPAA website. Veteran As daughter has not yet returned information belonging to Veteran B. The PO will attempt to contact her again. The reporter provided the name of Veteran B, whose information was allegedly compromised. The PO contacted Veteran B to discuss the issue and offer credit monitoring. Veteran B told the PO that deceased Veteran A's daughter had contacted him. 07/20/11: The PO submitted a request for appeal and right after that, the PO spoke with Veteran A's daughter via telephone. The PO asked the daughter to return the original document as well as any copies that may have been produced. She stated the documents will be placed in the mail by the end of this week. 07/26/11: No documents have been received at either facility. The POs at both facilities have been unable to contact the daughter. 08/08/11: The deceased Veteran A's daughter still has not returned the documents. The Marion PO is not aware of any news article or report as of this date. Veteran B will receive a letter offering credit protection services. 08/15/11: No contact from complainant. Without return of documents, VAMC St. Louis PO cannot verify ID of Veteran B. 09/06/11: A Certified letter was sent to the daughter of the deceased Veteran requesting return of the documents she claims to have received in error. 09/21/11: The PO submitted a request for appeal and right after that, the PO received a fax copy of the documents from the daughter. She also insists on CM for her deceased father, despite the lack of any evidence of a breach of her father's privacy. She wants to talk with "someone up the line" so the PO has contacted the VISN PO. The PO was advised that under the law (Public Law (PL) 109-461 - Veterans Benefits, Health Care and Information Technology Act), VA does not have the authority to provide credit protection services to deceased individuals. The credit protection letter will be sent to Veteran B since name and date of birth were among the data elements that were compromised.
Outcome:
Privacy Officer conducted Privacy Awareness counseling/training for administrative and clinical employees assigned to specific ward.