Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Southwest Health Care Network (VISN 18)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on February 28, 2012. Also cited in 228 other reports.
Report ID: SPE000000072242, U.S. Department of Veterans Affairs
Reported Entity: VISN 18 Phoenix, AZ
Issue:
Today at 11:15 AM, the Women\xe2\x80\x99s Program Manager notified the Privacy Officer (PO) of a privacy event involving Veteran B. The PO was told that Veteran B left the VA with Veteran A\xe2\x80\x99s appointment schedule. This appointment schedule was previously provided to Veteran B on 12/15/2011 by another clinic. Today, when Veteran B went to this clinic for an appointment, they informed her that no appointment for her was scheduled. They reviewed the document that she had with her which turned out to be the scheduling sheet of Veteran A. The clinic staff accommodated Veteran B with an appointment slot but did not recover the document. The Patient Advocate and the Women\xe2\x80\x99s Program Manager were notified. The Women\xe2\x80\x99s Program Manager instructed Veteran B to relinquish Veteran A\xe2\x80\x99s schedule which was refused. Veteran A\xe2\x80\x99s information on the scheduling sheet included only first name, last name and last 4 digits of the SSN. There was no diagnosis, address or other contact information. Veteran A ran from Women\xe2\x80\x99s Program Office with materials before the PO could arrive. The VA Police were notified. There is a low indication of theft based on what VA provided to her in error. However, the documents were requested back to protect other Veteran which Veteran B refused to do. Update: 02/28/12: Veteran A will be sent a notification letter. 03/01/12: Veteran B who has the information has still not returned the information, and is posting information about what the VA has done on Facebook, Twitter, and the local press. The VA Police have been unsuccessful in getting the VA information back on Veteran A.
Outcome:
The Outpatient Chief discussed and counseled the employee involved in the incident. Disciplinary action is being reviewed. A HIPAA notification and complaint response were drafted for Regional Counsel review. The letters to both Veterans A & B were signed by the Director and mailed to them.