Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Healthcare - VISN 4 (VISN 4)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on February 8, 2011. Also cited in 239 other reports.
Report ID: SPE000000058067, U.S. Department of Veterans Affairs
Reported Entity: VISN 04 Clarksburg, WV
Issue:
A VA employee planning to use a government vehicle found a packet of information containing patient names, SSNs, and appointment dates. The preliminary investigation determined that the packet had been left in the vehicle by another employee on 10/26/10. Update: 03/04/11: The Associate Director (AD) and Privacy Officer investigated this incident and found that on 10/26/10, the supervisor utilized the vehicle to provide training. Apparently this packet of information fell out of her folder between the seats or under the seat. It was clipped together along with being stapled, so there is no reason to believe any pages are missing. Between 10/27/10 and 11/16/10, there were 14 government employees who utilized this vehicle. None of them recall seeing any papers in this vehicle, which indicates they had indeed slid between the seat and console or under the seat and out of sight. These were all government employees, and would not have had any civilians or family members in the vehicle with them. Between 11/16/10 and 01/31/11, the vehicle was locked and parked in facility parking lot after being involved in a collision with a deer on 11/16/10. On 01/03/11, the vehicle was taken to a body shop to have the damaged fender and headlight replaced. The VA employee who took the vehicle over to the body shop and picked it up on 02/02/11 did not see any paperwork lying in the car, again indicating that this sensitive information was not in visible sight of anyone getting into or out of the car. Between 02/02/11and 02/08/11, there were 2 employees who drove this vehicle after the repairs had been made and prior to the information being discovered. Again, no one other than VA employees would have been in or driven this vehicle during that time. The AD believes that on late 02/07/11 or early 02/08/11, the car was cleaned and detailed by VA staff. The AD has not yet identified which staff member, but believes that while vacuuming the car and cleaning it that the staff member found this information between the seats or under the seat and set it on the front passenger seat to be found. On 02/08/11, the employee planning to use this vehicle that day saw the information and reported it. The supervisor who provided the CBOC training was reeducated on securing sensitive personal information. The 1629 patients will receive a letter offering credit protection services and the incident will be reported to HHS under the HITECH Act. 03/11/11: After a complete count, the number unique Veterans involved is 1,470. The press release and letters of notification are being drafted. The estimated date to have the mailings complete is 03/17/11.
Outcome:
The employee was educated on this incident and re-educated on the importance of making sure all information is taken out of the vehicle when exiting