Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Mid South Healthcare Network (VISN 9)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on February 4, 2013. Also cited in 328 other reports.
Report ID: PSETS0000085457, U.S. Department of Veterans Affairs
Reported Entity: VISN 09 Memphis, TN
Issue:
A VA staff member found a number of files in the Mental Health Service conference room unattended. Further review of the incident by the Chief of Mental Health Service showed that one of the personnel from Joint Commission team who were on a one-week site assessment at Memphis VAMC (from 01/28/13 to 01/31/13) used the conference room to review staff competency folders and may have left them there for someone to pick them up. The folders included personal information of a Recreational Therapist, i.e. her SSN, Date of Birth and salary information. Other folders left did not contain any protected information, and only had staff names contained in the folders along with position descriptions and blank competency checklists. It is unknown when the Joint Commission personnel left the conference room and how long the folders remained there until someone found them; it is also unknown how many people may have accessed the protected information pertaining to the Recreational Therapist. Update: 02/06/13:The file was found in a room that is not accessible or used by anyone besides VA staff. This is a policy violation, but no data breach has occurred.
Outcome:
PO spoke with the VA staff responsible for this incident and provided education on VA policies regarding appropriate safeguards to protect agency sensitive information. Staff accepted responsibility for the incident and assured PO that henceforth she will be careful when handling folders and files for Joint Commission reviews. PO learned that the folders were picked up and handed over to Chief of Mental Health who secured them until PO was notified about the incident. However, PO could not determined whether or not personally identifiable information contained in one of the folders was compromised. The folders have since been taken back to their original storage location.PO has received signed notification letters from Medical Center Director's office, and will mail it to the affected VA employee whose PII was contained in one of the folders. A redacted copy of notification letter has been uploaded and attached to this incident. Incident is considered closed as of 2-22-2013.