Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
Northwest Network (VISN 20)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on January 23, 2012. Also cited in 208 other reports.
Report ID: SPE000000070944, U.S. Department of Veterans Affairs
Reported Entity: VISN 20 Portland, OR
Issue:
Veteran A contacted the Portland VA's Transplant department to complain that his health information had been emailed without his authorization to his Aunt on faxed the transplant department a copy of the email his Aunt had received. The facility Privacy Officer was contacted by a transplant employee and given the fax. The email contains approximately 11 lines of text that were copy and pasted from a Nov 9, 2011 note in the Veteran A's VA medical record with additional comments added. This email could not have been sent encrypted as the recipient address was not within the VA mail system.The first and last names of Veteran A, Veteran B, and the Aunt are included in the email, but no other identifiers were included. Update: 01/24/12:Veteran A will be sent a notification letter, as his PHI was disclosed inappropriately.
Outcome:
The employee has been counseled not to disclose any Veterans information without having written authorization and a summary of the Privacy Officer's fact finding has been sent to Human Resources for them to determine disciplinary action. A notification letter is being mailed to the Veteran.