Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA NY/NJ Veterans Healthcare Network (VISN 3)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on June 30, 2011. Also cited in 59 other reports.
Report ID: SPE000000064316, U.S. Department of Veterans Affairs
Reported Entity: VISN 03 Montrose, NY
Issue:
An investigation of a terminated employee revealed that there was a breach of patient Personal Identifying Information. A review of Employee A's Outlook inbox revealed that Employee A forwarded an Excel workbook containing PII of (31) Veterans to Employee A's personal AOL email account. The workbook contained full name, last (4) SSN, telephone contact information, home address and next of kin/emergency contact information. The workbook contained several tabs containing treatment plans for each individual patient in Employee A's workload. Several patients in Employee A's workload received letters requesting that they support the reinstatement of Employee A. The letters requested patients to write their name and last (4) of SSN in the body of the letter. Instructions in the letter requested that patients mail completed letters to VHA leadership. Update: 06/30/11:Letters of notification will be sent to 31 patients due to PHI being sent outside custody of the VA.
Outcome:
Currently, there is a criminal investigation pending on this former employee. Notification letters have been sent to the patients that may have received the letters requesting reinstatement of the former employee.