Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Heartland Network (VISN 15)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on July 2, 2012. Also cited in 149 other reports.
Report ID: SPE000000077423, U.S. Department of Veterans Affairs
Reported Entity: VISN 15 Kansas City, MO
Issue:
A VISN employee reported to the Privacy Officer that during site inspection of VISN 15 Kansas City VAMC, the employee forgot to redact the name and diagnosis on the exit briefing report. The employee name and diagnosis were included in the exit briefing report as a non-compliant finding. Employee name and diagnosis should have been redacted and identified by non-identifiable key term.The error was identified during the exit briefing by another employee. All paper copies distributed were redacted or collected and secured. Information was shared with VA staff with a need to know the findings in order to correct non-compliant issue identified. Update: 07/06/12:The employee will be sent a HIPAA notification letter.
Outcome:
The mishandling (lack of safeguard) by an employee who self-reported incident served as a good reminder/training opportunity. As the inappropriate disclosure of one employee/veterans PHI on an internal report was caught at the time the report was presented distributed to a small group of staff, the PHI was immediately redacted and secured. HIPAA Notification letter sent to Veteran/employee. Follow-up continue to remind staff to redact PHI/PII on presentation materials (all formats/media).