Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Mid-Atlantic Health Care Network (VISN 6)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on October 24, 2011. Also cited in 187 other reports.
Report ID: SPE000000067935, U.S. Department of Veterans Affairs
Reported Entity: VISN 06 Durham, NC
Issue:
On 10/17/11, a Work Without Compensation (WOC) employee/Research Assistant took nine (9) full names of Veterans, address, full social security number, and telephone number from the VA to Duke to recruit Veterans for a research study. The protocol called for the recruitment to be conducted at VA. The paper with nine (9) names was stored in the Research Assistant's Office until it was disposed of in a locked box for shredding purposes. The shredding reportedly took place today. Update: 10/25/11:The WOC did ask a student working at the Duke lab to make a call to the Veterans. The student had the list for 30 minutes. That is the only person besides the WOC that saw the information.11/01/11:The 9 Veterans will be offered credit protection services.
Outcome:
PO states the entire staff is to attend informational training session. Review Scopes of Practice with each staff member regarding what their duties are and clearly delineate what each staff member's responsibility is. PI is to put together a curriculum of how staff will be trained (ISO, Privacy, RCO, etc.).