Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
Northwest Network (VISN 20)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on January 30, 2013. Also cited in 208 other reports.
Report ID: PSETS0000085263, U.S. Department of Veterans Affairs
Reported Entity: VISN 20 Portland, OR
Issue:
A facility Privacy Officer (PO) walked past a vehicle parked on the VA campus and noticed a stack of medical records in the front passenger seat of a car. The VA Police assisted in identifying the owner of the vehicle who is a contract VA Provider. The provider met the PO at the vehicle and the records were determined to be from his private practice. The only VA information was todays VA Surgery schedule which the provider explained he had unintentionally left in the vehicle when he had gone to the car during the day. It is anticipated that the schedule was left unattended for approximately 45 minutes to an hour. It was folded and only 5 Veterans' names, full SSNs, full dates of birth, and the type of surgery scheduled were viewable. There were 20 others that were not viewable through the window and it is not believed the vehicle had been accessed while the provider was away because it was locked. The PO has the document in his investigation file. Update: 1/31/13:The 5 Veterans' whose names, full SSNs, full dates of birth, and the type of surgery scheduled that were viewable, will receive a letter offering credit protection services.
Outcome:
The provider who placed the records in the car did not intend to do so and he has been directed by his supervisor and the Privacy Officer as to the need to be careful while handling documents to ensure they cannot be lost or compromised.