Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
Tennessee Valley Healthcare System
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on December 12, 2013. Also cited in 104 other reports.
Report ID: PSETS0000098032, U.S. Department of Veterans Affairs
Reported Entity: NASHVILLE TN - 626
Issue:
The Research Compliance Officer notified the Privacy Officer, Nashville Campus, of the following incident: During a review of informed consent documents and HIPAA authorizations for a research protocol, it was noted the boxes authorizing the use of three categories of 7332 information were not initialed. It appears the omission of the study participants initials was an oversight and lack of understanding the boxes needed to be individually initialed by the participants in order to access and use the 7332 information. Further discussion with the Study Coordinator revealed that 7332 information has been collected from all 21 participants enrolled in the study to date. The 7332 information has been entered on a study eligibility questionnaire and into a database located outside TVHS at the affiliate study site. Prior HIPAA authorization versions indicate the investigator did not plan to access, use, or disclose 7332 information. However, an amendment request, recently submitted by the Study Investigator to request use of 7332 information, was approved by the TVHS Institutional Review Board on October 23, 2013. The Study Coordinator was educated regarding the appropriate process to obtain approval for the use of 7332 information. The 21 participants will be asked to complete a new HIPAA authorizing the use of 7332 information.
Outcome:
12/13/13: Notification letters will be sent to 21 participants.