VA Healthcare - VISN 4 (VISN 4)

Report ID: PSETS0000088139, U.S. Department of Veterans Affairs

Reported Entity: VISN 04 Pittsburgh, PA

Issue:

A VA employee printed Veteran information to prepare a case against a VA supervisor. The VA employee redacted the Veteran information and provided copies to service line management and the union. Allegedly, Veteran information can still be seen under the redactions. A copy of this information will be provided to the Privacy Office (PO) for review. Update: 04/23/13: The printed information has been reviewed. Some of the identifiers can be seen under the black marks; i.e. names and SSN. The VA employee was interviewed. The VA employee alleges this activity was not done with malicious intent, instead to prove lab equipment is faulty. There are a total of eleven duplicate binders containing this information. Four have been provided to the custody of the Privacy Officer. The employee has been directed to collect the remaining seven binders and give them to VA Police to safeguard until the Privacy Officer retrieves them. The 14 Veterans will receive a letter offering credit protection services. Further investigation shows that an additional Veteran name and last four digits of the SSN was also compromised. That Veteran will receive a HIPAA letter of notification. 04/29/13: Additional informaiton indicates that four of the 14 are deceased. Their families will receive next of kin (NOK) notifications. One person cannot be identified so the remaining 9 will receive a letter offering credit protection letters. 05/29/13: This was determined to be HITECH reportable by VHA Privacy Office.

Outcome:

The employee's computer access was disusered and disabled. A security privacy event violation memo was issued to service line mgt concerning this incident involving this employee.