Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Midwest Health Care Network (VISN 23)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on September 6, 2011. Also cited in 183 other reports.
Report ID: SPE000000066486, U.S. Department of Veterans Affairs
Reported Entity: VISN 23 Omaha, NE
Issue:
A Provider left a folder with her patients' information on the top of her car at home and drove off and it blew off the side of the street. Two individuals in the public noticed them as they drove by thinking they could have been important documents because there was a couple manila envelopes and there are a lot of lawyers that live around there. The documents included a practitioner's patients list which included 333 patients' first and last names and full SSNs, along with a few outside medical records that were going to be scanned into VistA Imaging. All 338 patients' full name and full SSN were included but there were 11 patients whose full name, full SSN, and other health information from other facilities were included. The individuals from the public called the Privacy Officer (PO) who went to their house and retrieved the documents. They said they are pretty sure they gathered all the pages that were around. Update: 09/12/11:Three hundred and thirty-seven (337) Veterans will be sent letters offering credit protection services, due to full name and full SSN being exposed.
Outcome:
Sent redacted letters for promo codes. Disciplinary action along with education was given to the provider along with a meeting with myself and clinical staff regarding prohibiting the practice of bringing physical patient information home.