Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Healthcare - VISN 4 (VISN 4)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on June 7, 2011. Also cited in 239 other reports.
Report ID: SPE000000063344, U.S. Department of Veterans Affairs
Reported Entity: VISN 04 Pittsburgh, PA
Issue:
A research and development study clinical coordinator reported an unanticipated problem that affected 18 study subjects. It was reported that the names, addresses, SSN's and phone numbers of 18 study subjects were faxed to the affiliate university for the purpose of reimbursement between 2009 and 2010. The transfer of this sensitive data was not stated in the protocol, HIPAA authorization, or VA offsite data request form. This process did not have the proper authorization and was an unauthorized disclosure. Update: 06/07/11: The eighteen (18) study subjects will be sent letters offering credit protection services, due to full name and full SSN being disclosed.
Outcome:
The research compliance officer is working with the IRB to ensure this type of process is properly reviewed and that any type of payment functions that require the submission of PII to an outside entity is properly indicated in the protocol and the HIPAA authorization. The issue has been addressed and enrollment into the study has been closed.