Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Heartland Network (VISN 15)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on March 8, 2011. Also cited in 149 other reports.
Report ID: SPE000000059270, U.S. Department of Veterans Affairs
Reported Entity: VISN 15 Marion, IL
Issue:
A staff member accessed the medical record of a person applying for a VA job. The VA staff member apparently checked the record in an attempt to determine if he would be a poor candidate and told the selection team information about the applicant. The supervisor has counseled the employee that this was an inappropriate reason to access the record. Update: 03/08/11: The applicant will receive a notification letter due to the staff member inappropriately accessing his medical information.03/15/11: An appeal was filed. The DBCT reviewed and denied the appeal based on evidence submitted that the employee inappropriately accessed the record of the applicant. Notification is still required.
Outcome:
The following actions have been taken: 1. Interview panel comprised of new members, re-interviewed all applicants. 2. Employee in question has retaken privacy and information security training. 3. Privacy and information security training was given to the entire department in which the employee works. 4. Proposed administrative action is scheduled to be issued on 04/01/2011. 5. Educational message regarding access, use, and disclosure of information was sent to all supervisors; request was made that supervisors share the information during staff meetings. 6. Privacy Officer and ISO have extended an offer for face-to-face training during staff meetings. 7. Incident is considered closed (from the Privacy Officer and ISO's perspective).