Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
Northwest Network (VISN 20)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on February 27, 2013. Also cited in 208 other reports.
Report ID: PSETS0000086179, U.S. Department of Veterans Affairs
Reported Entity: VISN 20 Portland, OR
Issue:
A VA provider had his appointment book stolen on 02/27/13. It contained the first and last initials and last 4 digits of the SSNs for 13 Veterans and the date, time, and abbreviation for the clinic location the provider met with them. There was no other protected health information (PHI) or additional notes recorded in the book. The employee reported the incident to his supervisor and the facility Privacy Officer (PO). VA Police have been notified as well, but a report number has not been provided. Update: 02/27/13:The 13 Veterans will receive a HIPAA letter of notification.03/05/13: An appeal was filed. The DBCT reviewed and denied the appeal. The person who stole the appointment book knows the provider's name and therefore the provider's service and could possible deduce the patients' names and from the initials. The provider can give the patients a verbal notification or hand deliver a letter is it is in the best interest of the patient.
Outcome:
NA