Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
Northwest Network (VISN 20)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on May 25, 2011. Also cited in 208 other reports.
Report ID: SPE000000062965, U.S. Department of Veterans Affairs
Reported Entity: VISN 20
Issue:
On 05/20/11, The Pacific Medical representative and his associate came to the sterile processing department (SPD) supervisor's office to show her three invoices that needed to be paid for. He asked the employee to put in a purchase order (PO) for the items used in Orthopedic surgery cases. The supervisor has a copy of each invoice. The supervisor reminded him that he is not supposed to bring in items into the medical center for the surgeons to use on a case until there is a PO in place. The supervisor then called the chief of SPD to advise her of the need to put in a PO for the items. She instructed the supervisor to hold off until she spoke with the Manager of Materiel Management on the matter. The supervisor also advised the chief that there was a patient sticker on two of the three invoices with the full SSN on the stickers. The supervisor asked Pacific Medical representative about them and if his company required such information for billing. He said no. The supervisor told him that this information is private and should not be leaving the facility. He took a black marker and marked off the SSN on the two sheets. Update: 05/25/11:Patients A and B will be sent a letter offering credit protection services.
Outcome:
Provided education to VA staff that printed labels with patients SSN and name to ensure future events do not occur. Policies are being reviewed to assess the way in which vendors are accessing the hospital premises and patient sensitive information.