Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Mid South Healthcare Network (VISN 9)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on August 4, 2011. Also cited in 328 other reports.
Report ID: SPE000000065425, U.S. Department of Veterans Affairs
Reported Entity: VISN 09 Nashville, TN
Issue:
On 07/13/11, the Privacy Officer (PO) at the Nashville campus received a written request from a Veteran/Employee for a Sensitive Access Report (SAR). SAR was provided to the Veteran/Employee. On 07/14/11, the Veteran/Employee reported two employees (his supervisor and a co-worker) accessed his CPRS records inappropriately. On 07/19/11, the Privacy Officer (PO) initiated an investigation and found the accesses were not justified. Specifically: The supervisor had obtained authorization, via VA form 10-5345, to access the Veteran/Employee's CPRS records to determine his ability to return to duty. This is an inappropriate mechanism in that documentation for leave purposes should be submitted voluntarily by the employee and not obtained through a Release of Information (ROI) authorization. Additionally, one access was made after the authorization expired. The co-worker accessed the Veteran/Employee's record as a wellness check as he had been out for two weeks and she was unable to reach him by phone or via social media. The PO will forward findings of investigation to management for appropriate follow-up. Update: 08/04/11: The employee will be sent a letter offering credit protection services.
Outcome:
8/24/11 - Through PO investigation, it was determined the two employees' accession of CPRS records was inappropriate. Both employees will receive a formal counseling which will be included in their six (6) part folder. CM letter mailed.