Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Heartland Network (VISN 15)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on January 23, 2012. Also cited in 149 other reports.
Report ID: SPE000000070910, U.S. Department of Veterans Affairs
Reported Entity: VISN 15 Kansas City, MO
Issue:
A student employee working in IRM submitted a written complaint to the Marion, IL Privacy Officer. The employee has claimed there was inappropriate disclosure of personal employment information to medical center Staff to include the employees Service Chief. The information disclosed included OPM Investigator notes, transcripts of interviews with references, and detailed Background Investigation findings. Disclosure was made by a Human Resource Supervisor to various VAMC staff.Note: This ticket was originally entered as a complaint on 1/19/12. The ticket could not be re-opened to update status to confirmed incident. Update: 01/23/12:The student employee will be sent a letter of notification.01/31/12:Upon further investigation and consultation with VHA Privacy Service it was determined that a routine use in OPM SOR allowed for the disclosures made. A letter rescinding the letter of 01/23/12 to the employee (complaintant) has been sent and should be attached to this ticket.
Outcome:
VAMC Supervisor notified of employee Privacy Act violation. Recommend training and future consultation with facility Privacy Officer prior to releasing OPM records to VMC staff based on "potential" need-to-know.