Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Eastern Colorado Health Care System(ECHCS)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on February 5, 2015. Also cited in 47 other reports.
Report ID: PSETS0000114926, U.S. Department of Veterans Affairs
Reported Entity: EASTERN COLORADO HCS - 554
Issue:
A former VA employee, released a wait list to a reporter as a "whistle blower." The list had scheduled dates, last four digits of the SSN, and clinic names. It is possible the list also had first and last name. The media used the list in reporting a story and had stated "they have redacted protected health information (PHI)" to protect the Veterans. However, it is unknown when and who redacted the information and how many unredacted lists could still be at large. This incident occurred in the Sleep Clinic, a clinic which previously had two missing laptops this year. It is unknown if this is related, but it is possible.
Outcome:
02/17/15: The list contains information on 508 patients. It is not known how the employee obtained the list. 02/25/15: The facility Privacy Officer has been provided the list which the media obtained. At this point, it is not known how the media obtained the list and when it was redacted. The employee left employment on 06/27/14 and contacted the media in September, 2014. The employees computer access has been terminated. It is not known if the employee printed the list prior to separating or if a current employee provided them the list. The DBCT suggested that the VISN PAO contact the media to ask for the original document to be returned to the VA. The VISN PAO has stated that relations between the facility and the local media are not the best and there have been several negative stories about the facility in the news recently. It is possible the list was redacted prior to leaving VA custody. 03/02/15: The Regional OPIA has consulted with the facility and repors that the individual has admitted to taking VA records, lists and emails with them. 03/09/15: The documents in the HAS shared folder were reviewed. These are the documents which the employee had access to. The document contains the Veterans' name, last initial/last four digits of the SSN, the patient's desired date, and the referring clinic. There was one duplicate name on the list so it is 507 total patients affected.