Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
Rocky Mountain Network (VISN 19)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on January 5, 2012. Also cited in 133 other reports.
Report ID: SPE000000070437, U.S. Department of Veterans Affairs
Reported Entity: VISN 19 Denver, CO
Issue:
A VA employee from Home Based Primary Care left a box of information outside of Building 4 which contained documents including patients' names, full SSN, visit dates, diagnosis, addresses, phone numbers and patient inquiry information. The estimated number of Veterans affected by this incident is unknown. An exact count will be provided after assessing the entire box of documents and developing a list of patients affected. A VA Police Officer first noticed the box and took possession of it at 3:30 PM on 01/05/12. The Police Officer determined that the box belonged to Home Based Primary Care by looking at the content of the documents. The Police Officer contacted the Home Based Primary Care coordinator to ask if the box belonged to her and she acknowledged that it was hers. She informed the Police Officer that the box had been left unattended from about 8:00 AM to 3:30 PM. Update: 01/06/12: The employee used the box to transfer information from work to home. When bringing the box back into work one morning she set it down by the door outside the building then forgot it. The box contained records of 168 patients. Letters of credit protection services will be sent to 168 patients. 01/09/12: After further review of the documents, the number of patients affected has been confirmed to be 186. The 186 patients will receive a letter offering credit protection services. 01/18/12: The employee did have authorization to take the information home, however did not appropriately secure the information while it was in transit.
Outcome:
On 01/06/12, the Privacy Officer (PO) interviewed the employee and updated the total number of Veterans affected. The box was examined by the PO and the employee stated the box was not tampered with. The PO completed the investigation on 01/13/12 and sent a letter to the employee's supervisor requesting appropriate corrective action and also recommended that the employee retake the Privacy and Security Awareness training and Rules of Behavior and the VA Privacy and HIPAA training. Training completed.. Credit Monitoring letter mailed 2/9/12