Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
Tennessee Valley Healthcare System
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on March 18, 2015. Also cited in 104 other reports.
Report ID: PSETS0000116846, U.S. Department of Veterans Affairs
Reported Entity: NASHVILLE TN - 626
Issue:
Today, the following incident was reported to the Privacy Officer (PO), Nashville Campus: On 03/17/15, at 4:15 PM, the Chief, Health Information Management Service (HIMS), Louisville VAMC (who was at TVHS for training) noticed the travel box located in the front lobby was open, the forms scattered on the ground, and several Veterans standing guard around the documents. The Chief, HIMS, Louisville VAMC, confiscated the documents and brought them to the travel clerk for safekeeping. The documents contained the full name, Social Security Number, and address of approximately 75 Veterans. The Chief, HIMS, Louisville stated it appeared the documents had not been compromised due to the Veterans vigilance. Upon investigation, the Privacy Officer (PO) found the locking mechanism on the box is broken and a work order has been entered to repair it. The Supervisor, Travel, will have his staff place a "Do Not Use" note on the box and refer patients to travel window to pick up their pay. Per VA Police Service, there is a video camera in the area and staff is checking to see if it captures activity near the travel box.
Outcome:
03/20/15: PO update -- The police were unable to see the incident on film. I have no way of knowing how the documents became scattered on the ground. The latch was broken on the box and worked intermently so the assumption is the box flipped open. The latch was repaired the same day. In April, the box will be replaced with a travel kiosk which will allow the Veterans to submit their travel claims electronically. I also have no way of knowing the identity of the Veterans impacted. The forms were given to the travel clerk who placed them in a large stack of other travel claims. 03/20/15: The Incident Resolution Service Team has determined that there was a policy violation. While there was a risk of unauthorized access/disclosure of data, it has been determined that the incident has a low probability of a risk of compromise.