Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
Sierra Pacific Network (VISN 21)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on January 28, 2011. Also cited in 141 other reports.
Report ID: SPE000000057625, U.S. Department of Veterans Affairs
Reported Entity: VISN 21 Honolulu, HI
Issue:
A former VA Pacific Islands Health Care System (VAPIHCS) employee appears to have either taken home paper copies or electronic copies of patient information. She filed a whistleblower complaint and included this sensitive medical information along with her complaint to the Office of Special Counsel (OSC) in Washington, D.C. It appears the case was denied by OSC and the former employee appealed to the Merit Systems Promotion Board in San Francisco, CA. From there, an Administrative Judge at MSPB asked for copies of the file. Once the MSPB judge received the documents, they informed VAPIHCS Regional Counsel of the case and sent us copies of the documents. This is when our Regional Counsel noticed medical information had been disclosed and brought it to the VAPIHCS Privacy Officer's attention. The VAPIHCS Regional Counsel has asked the MSPB to seal the documents to prevent further disclosure of patients' information. At this point, the Privacy Officer cannot determine if the former employee just took home hard copies of the information or if electronic breaches occurred and were taken home also. The paper copies appear to be the former employee's own recount of patient information and also include copies of e-mails from when she was employed. It also includes what appears to be cut and pasted patient notes from the VA CPRS electronic health record. The notes include records of treatment, but do not contain patient demographics. Patient names, diagnoses, conditions, etc. were disclosed in separate typewritten pages submitted to the OSC.

Update: 01/31/11: There are 31 patients affected. Some are deceased. It is believed the former employee took the information home and so far has not been able to confirm it was just hard copies or electronic documents.

02/01/11: There were 31 total names mentioned in the document with their names and medical conditions. Four cannot be confirmed because there are no notes in the electronic health record and there are no other identifiers and three are deceased. No SSN was included in the data.

02/02/10: The 24 living patients with identifiers will receive a letter of notification. The next of kin (NOK) of the three deceased patients will receive a NOK letter.
Outcome:
A letter was sent to the former employee and privacy breach letters were sent to the affected Veterans. Both agencies that had a copy of the complaint by the former employee were informed they had privacy information that wasn't authorized for disclosure. They agreed to put additional protections on the information in their files to protect the individuals' identity and medical information. Both letters are attached.