Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Healthcare - VISN 4 (VISN 4)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on March 27, 2013. Also cited in 239 other reports.
Report ID: PSETS0000087288, U.S. Department of Veterans Affairs
Reported Entity: VISN 04 Butler, PA
Issue:
On EOC Rounds on 3/27/13, Bldg. 2 was reviewed. In the basement of building two (no room number) in a room that contained ceramic and recreation information a card file was found that contained information: Patient Name, Last four of SSN, and Diagnoses. The room normally has a key code combination to gain entry into the room, but the room was not locked. Also found was a strap to use to keep the door open so that door could not close and be locked. The strap was removed and taken by the Privacy Officer (PO). The PO's made sure room was locked when they left.Due to the fact that the room was not locked and anyone could gain access to it, the PO's have no way to determine who saw the information on the card file. Update: 03/27/13:Three (3) Patients will be sent HIPAA notification letters.04/15/13:After another update from the Privacy Officer, two patients are deceased, therefore two (2) Next of Kin Notifications will be send and one (1) HIPAA notification letter will be sent.
Outcome:
The PO and Program Manager of the area involved took the card file and destroyed it per Sensitive Record Destruction Policy. It was an old card file. Staff were also reminded to be aware of what information is laying around in their work areas and no PHI/PII information should be left out.