Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Southeast Network (VISN 7)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on June 6, 2011. Also cited in 225 other reports.
Report ID: SPE000000063322, U.S. Department of Veterans Affairs
Reported Entity: VISN 07 Columbia, SC
Issue:
There was documentation in a Telephone Advice Program (TAP) note dated 05/24/11 that Veteran A claimed that a Life Insurance Company had received documents on Veteran B. The Release of Information Office released copies of medical reports on Veteran A to ExamOne (Record Retrieval Service) on 04/09/11. The Alternate Privacy Officer contacted ExamOne to substantiate that they had received medical reports belonging to Veteran B as well as to determine what type of reports and information was received on Veteran B. ExamOne contact advised that copies of medical records were forwarded to Guardian Life Insurance Company\xe2\x80\x99s agent and that she would have agent contact Alternate Privacy Officer. ExamOne agent would not release phone number of the Guardian Life Insurance Company\xe2\x80\x99s agent. Since the agent did not contact the Alternate Privacy Office, the Life Insurance Company was contacted and the agent was located who researched documents received on Veteran B. There were two pages belonging to Veteran B. The agent faxed them to the Alternate Privacy Officer on 06/06/11. The agent will mail copies back to the Alternate Privacy Officer\xe2\x80\x99s attention. The document consisted of a Cardiology Echo Report (2-page document) with the Veteran\xe2\x80\x99s name and date of birth listed in the body of the report that was entered in error into Veteran A's CPRS by Cardiology Service staff. Veteran B's SSN or address was not included in the document. Cardiology Section staff have taken steps to remove Echo Report that was entered in error in Veteran A's CPRS. TAP Center did not notify the Privacy Officer when the Veteran advised her via phone call that the Life Insurance Company had received Veteran B's medical records. The Alternate Privacy Officer noted information in TAP Progress Note when processing View Alerts for HIMS supervisor during her absence on 06/02/11. Update: 06/07/11: Veteran B will be sent a letter offering credit protection services, since his name and date of birth were disclosed.
Outcome:
EMPLOYEES HAVE BEEN RE-EDUCATED ON THE NEED TO SAFEGUARD PATIENT INFORMATION.