Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
Asheville VA Medical Center
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on May 11, 2015. Also cited in 16 other reports.
Report ID: PSETS0000119293, U.S. Department of Veterans Affairs
Reported Entity: ASHEVILLE NC - 637
Issue:
A Release of Information (ROI) employee's supervisor gave CPRS documents to an employee to question his/her inactivity. The ROI employee gave the documents containing names and SSNs to his Union representative. The representative contacted the Privacy Officer (PO) and the Information Security Officer (ISO). The documents were secured in locked drawer by Union representative. It was believed Union representative may have been authorized access to the records so as to represent his/her Union member and conduct investigation.
Outcome:
05/13/15: PO update -- pending meeting with ROI supervisor. 05/15/15: PO updated -- Scheduled to meet with AFGE representative next week. 05/18/15: The Incident Resolution Service Team has determined that there was a prrivacy violation. While there was an unauthorized access/disclosure of data, it has been determined that the incident has a low probability of a risk of compromise.