Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Mid-Atlantic Health Care Network (VISN 6)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on April 20, 2012. Also cited in 187 other reports.
Report ID: SPE000000074451, U.S. Department of Veterans Affairs
Reported Entity: VISN 06 Salisbury, NC
Issue:
A VA employee sent a complaint to Joint Commission containing personally identifiable information (PII) and protected health information (PHI) along with a 7332 diagnosis. The Veterans are residents in the VAMC Community Living Center. The employee included the names of three residents and specified that one of the residents is an alcoholic and drug addict and probably HIV positive. Update: 04/23/12:The three Veterans will receive a letter of notification.04/24/12:An appeal was filed. The DBCT reviewed and denied the appeal based on the following. While the disclosure of personally identifiable information (PII) and protected health information (PHI) to the Joint Commission is permitted under the HIPAA statue, it is not permitted under 38 USC section 7332. Notification is required in accordance with PL 109-461.
Outcome:
Notification letters were signed and mailed 6/6/12. The employee was re-educated on release of information of 7332 protected information. A fact-finding was performed and provided to Human Resources service for appropriate corrective action regarding the inappropriate release.