Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Heartland Network (VISN 15)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on May 9, 2012. Also cited in 149 other reports.
Report ID: SPE000000075287, U.S. Department of Veterans Affairs
Reported Entity: VISN 15 Wichita, KS
Issue:
During a review of the Daily Access To Sensitive Records report on May 3, it was identified a volunteer accessed the medical records of two VA employees on May 2 who were married with the same last name. The Information Security Officer (ISO) disabled the volunteers network account on May 3 until a meeting was arranged to determine if a violation occurred. .On May 9, the ISO conducted a meeting with the Director of Volunteer Services, the Privacy Officer and volunteer to inquire why volunteer accessed employee records. The volunteer stated she accessed records to inquire on the age of both VA employees (a retirement party for one of the employees was on May 2) and the volunteer said she was aware she should not have accessed medical records. The ISO and Privacy Officer informed volunteer access to medical records for anything other than official business is strictly prohibited. The volunteer was previously assisting VISN 15 validating insurance. The Director of Volunteer Services will eliminate access to CPRS and remove menu/keys not applicable to assigned duties. Update: 05/09/12:The two VA Volunteers will receive a letter offering credit protection services.
Outcome:
Met with volunteer and supervisor. Provided education and training to volunteer. Credit Protection letters sent to affected individuals.