Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Mid South Healthcare Network (VISN 9)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on January 10, 2012. Also cited in 328 other reports.
Report ID: SPE000000070546, U.S. Department of Veterans Affairs
Reported Entity: VISN 09 Louisville, KY
Issue:
A Medical Records Coder left a binder of coding reports outside of the admissions area around the smoking area. These reports covered the date ranges of 10/20/11 through 01/09/12. These reports had patients' full names, full SSN and discharge dates. This binder was being kept for productivity purposes. Update: 01/10/12: The binder was left outside the admissions area at approximately 3:30 PM and was discovered by a Veteran inpatient. The Veteran inpatient turned the binder in to the Administrative Officer of the Day (AOD) of the second shift at approximately 6:30 PM. The foot traffic in this area at that time of day is moderate to light. There are cameras in the area. The Privacy Officer (PO) is requesting VA Police to review the recordings for the time frame during which the binder was near the smoking area to determine if any unauthorized personnel looked at the binder and to determine the time elapsed between discovery by the Veteran Inpatient and the turn in of the binder to the AOD. The information is intact and nothing is missing from the binder. 01/17/12: The Privacy Officer viewed the footage from the camera located in the area where the binder was misplaced. The PO was unable to determine whether anyone tampered with this binder, as the camera at this outside entrance is fixed on one location and the area that the binder was located in was out of view. 01/20/12: The Privacy Officer has indicated the number will be lower than the original estimate of 1,658. It appears the number will be below 1,000. The Privacy Office expects to have a final count by Monday, 01/23/12. 01/24/12: The final count on the affected individuals is 1,182. Each will receive a letter offering credi tprotection services.
Outcome:
The PO suggested to the Coding Supervisor that she speak with all her coders and ensure that no one else is keeping this type of log. She recommended that the employee be educated on the policies and procedures that VA has in place with regard to safeguarding patient information. The Supervisor will re-educate this employee with regard to Privacy and safeguarding information. HR is doing an investigation based on my initial fact finding. HR and Chief of the service that this employee belongs to are discussing further remediation.