Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
Captain James A. Lovell Federal Health Care Center
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on July 9, 2014. Also cited in 22 other reports.
Report ID: PSETS0000106307, U.S. Department of Veterans Affairs
Reported Entity: CAPTAIN JAMES A. LOVELL FHCC - 556
Issue:
The Information Security Officer (ISO) received a complaint concerning the VETS LINK kiosks. The Privacy Officer (PO) indicated that the Patient Advocate also received the complaint. A survey was conducted of 13 of 16 locations and Sensitive Protected Information (SPI) is exposed in 12 of the 13 locations visited. Community Based Outpatient Clinics (CBOCs) were not visited.
Outcome:
07/10/14: When the ISO approached each of the VETS LINK Kiosks, they were placed in locations where multiple other patients could plainly see the SPI of the patient logging in with the Vet ID Card. If the patient did not have an ID card, the option was presented to log in with a full SSN. The ISO was not asked to review any of the placement locations. Privacy was on the implementation Team, but Information Security was not. The ISO has recommended repositioning and relocation. The kiosks already have privacy screens and signage will not remediate the problem.