Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
Tennessee Valley Healthcare System
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on June 10, 2015. Also cited in 104 other reports.
Report ID: PSETS0000120661, U.S. Department of Veterans Affairs
Reported Entity: NASHVILLE TN - 626
Issue:
The Privacy Officer (PO) was made aware of this incident from the Release of Information (ROI) Staff: On 06/09/15, a non-VA Provider's Office faxed an ROI Authorization to the TVHS ROI Office (ACY Campus) for them to receive medical records on Veteran A, whom they were treating. When the ROI Clerk was processing this request, she inadvertently researched and selected a Veteran B. During her research, she determined that Veteran B did not have any medical records to provide to the non-VA Provider and faxed a No Record Response back to them. On 06/10/15, the non-VA Provider knew that Veteran A had been treated at this VA and upon checking the No Records Response letter faxed to them on 06/09/15, they noticed that the ROI Section responded with the wrong Veteran. Upon noticing this error, they contacted the ROI Section to notify them of this error and stated they would shred the document they received on Veteran B. The personally identifiable information (PII) of Veteran B listed on the letter included his full name and last four digits of the SSN only. No medical records or other information was disclosed.
Outcome:
06/11/15: The Incident Resolution Service Team has determined that no data breach has occurred. The document was seen only by a HIPAA covered entity.