Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Mid South Healthcare Network (VISN 9)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on November 7, 2012. Also cited in 328 other reports.
Report ID: PSETS0000082110, U.S. Department of Veterans Affairs
Reported Entity: VISN 09 Memphis, TN
Issue:
Three VA employees, who currently work at Pathology and Lab, reported through the union President that their personal sensitive information (i.e. full SSN) has been inappropriately used and exposed by the Core Lab night supervisor. The fact of the incident is that, the complainant's temporarily agreed to change their tour of duty for 6 months (i.e. 4:00 am to 12:00 noon). The employees discussed the arrangement with the day shift Core Lab supervisor who agreed to follow up with an email to confirm the discussion so the complainants would be able to have a paper confirmation to validate the agreement. A couple of days later both complainants received a paper memo from Core Lab night shift supervisor highlighting on the agreement and requested them to sign to acknowledge so that copies of the memo would be forwarded to the Chief of Path and Lab and Core Lab day\night shift supervisors. Complainants stated the memo contained their full names, full SSN, and their GS salary scale with step. The complainants were concerned about inappropriate use of their full SSNs on the memo and stated it was unnecessary for the night supervisor to use them on the memo. Though they expressed their dissatisfaction about inappropriate use of their SSN, the night shift supervisor would not listen to their concerns. The night shift supervisor then went away and tore two copies of the memo into pieces and discarded them into an open box that was being used (temporary) to keep sensitive papers awaiting shredding. The complainants' main concern is that since the box was not properly secured to prevent inappropriate access, their full SSN may have been exposed to VA employees. Update: 11/08/12:Due to the concern the 3 VA Employees had about exposure the three employees will be offered a letter for credit protection services.
Outcome:
PO has concluded his fact-finding on this case. He met and spoke with 4 employees who were connected with this incident: 2 complainants and 2 supervisors. Initially it was reported to PO that 3 employees were involved (i.e. complainants). Later PO spoke with the 3rd complainant who declined to press charges or file a complaint against the supervisor. During the fact-finding process, the evening shift supervisor admitted the wrongdoing for composing the memos with employees full SSN. He stated he was ignorant that identifiable information such as SSN could not be placed on internal correspondence between a supervisor and employee. PO educated him on appropriate use of SSN in the performance of his official VA duties and he was appreciative of the guidance provided by PO regarding this incident. He assured PO he has learned a new lesson from this incident and would ensure such an incident will not occur again. Based on the circumstances surrounding this incident, PO determined that the complainants full SSNs may have been compromised. PO has completed Credit Monitoring letters on two of the complainants and distributed them. Scanned redacted copies of the CM Letters have been uploaded into PSETS as required. This incident is considered closed as of 11/23/2012.