Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Mid South Healthcare Network (VISN 9)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on December 14, 2011. Also cited in 328 other reports.
Report ID: SPE000000069647, U.S. Department of Veterans Affairs
Reported Entity: VISN 09 Huntington, WV
Issue:
The Information Security Officer (ISO) received a call from Bank of America in Tampa, Florida regarding a box received 12/13/11 (but opened 12/14/11) that was addressed to Bank of America which contained files of Patient Records. The Information Security Officer (ISO) contacted the warehouse Supervisor with the UPS tracking number and he is arranging for the box to be shipped back to Huntington. The ISO recommended shipping it back inside another box so the labels are intact to help determine how this mistake occurred. It was reported that it appeared, without close examination, to be multiple files on one Veteran, each in a folder with a cover sheet. Update: 12/15/11:The box has been shipped and should arrive tomorrow. Warehouse Supervisor is investigating how the mistake occurred. Privacy Officer will be notified as soon as the box of records arrives.12/19/11:The box contained full name, full SSN, DOB and medical information on Veteran A, therefore Veteran A will receive a letter offering credit protection services.
Outcome:
Clerks completed UPS shipping training. Also, stored addresses were removed from the system so they would have to be typed in each time, hopefully avoiding similar situation in the future.