Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
Desert Pacific Healthcare Network (VISN 22)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on February 2, 2011. Also cited in 129 other reports.
Report ID: SPE000000057803, U.S. Department of Veterans Affairs
Reported Entity: VISN 22 Los Angeles, CA
Issue:
On 02/02/11, an employee reported that a laptop connected to an electromyography (EMG) device at the West LA campus was stolen. The laptop was not encrypted because it was connected to a medical device. The laptop was last seen on 01/27/11. The laptop contained an undetermined number of patients' last name and last 4 of the SSN. The laptop was not connected to the Network and has been non-functional for months.
Update: 02/02/11: There are no cameras in the area. The laptop was secured to the top of the EMG unit. It was stored in an exam room that is located within the Physical Medicine & Rehabilitation Outpatient Clinic. The outer doors of the clinic were locked. The exam room where the laptop was located also locks, but the Information Security Officer (ISO) cannot confirm if the door was locked during the period of time that the laptop was taken. The Report of Survey was submitted to the ISO.
02/04/11: The information that could be on the laptop is the last name and last 4 of SSN which would be associated with wave forms with numerical data. There is no clinical history, assessment, interpretation or treatment plan information. There may be up to 20 VA patients' information on the laptop. The clinicians will provide a list of the days they used the machine and compare that to VistA appointment records to get an exact count. Also, information/results are manually documented in Computerized Patient Record System (CPRS) by the house staff/attending physician.
02/08/11: Through process of elimination, the Privacy Officer identified approximately 125 potential patients, of which 20-25 of these patients may have information (last name and last four of social security number) stored on this laptop. Therefore, 25 Patients will receive a notification letter.
03/07/11: Appeal was reviewed during the weekly DBCT conference call. The appeal was denied due to the fact that it is unknown which of the 125 Veteran/Patients' information was on the workstation; all will receive a letter offering credit protection services.
Outcome:
Resolution: The Director, Acquisition & Material Management and the VA Police were notified by the ISO that the department reported a stolen laptop. The ISO has ensured that the staff are aware of our security policies and procedures and has reinforced this to the Chief of the Department and the physician who is thought to have left the room unlocked. Notification letters have been mailed.