Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
Sioux Falls Regional Benefit Office
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on September 19, 2013. Also cited in 28 other reports.
Report ID: PSETS0000094830, U.S. Department of Veterans Affairs
Reported Entity: SIOUX FALLS SD - 438
Issue:
A VA employee left a list of 524 consults needing to be scheduled on clipboard in locked office on Friday afternoon. On Monday morning the clipboard was there without the list. The list has not been recovered. The room was locked during this time, and only VA employees have access to the room.
Outcome:
09/23/13: The room where the list was left was locked at 4:00 PM on Friday. Janitorial staff did not have access to the room and the trash was still there Monday morning. The list was also not found in the trash. Only Nurses, Providers, and Schedulers who work in the Primary Care area have access to this room. The Privacy Officer has sent a message to all who work in Primary Care asking if anyone has the list. 10/02/13: The Privacy Officer has sent an email to each person working in the area and has not received any responses stating the list has been located. Only VA employees have access to the room the list was in, however, it is unknown what happened to the list. Notification letters will be sent to all 524 Patients. 10/17/13: After preparing the mailing list for notification, the facility realized that the total number of Veterans requiring notification is 498. HIPAA notification will still be accomplished, however, a press release is no longer required. 10/23/13: The Sioux Falls VA Health Care System, in collaboration with the VISN leadership, 10N, VHA Privacy Office, and NSOC IRT team was prepared to publically acknowledge this potential loss of patient identifiable information. The initial communication package, which included letter of notification to Veterans, VA public statement, congressional notification, news release and sample Q&A, had worked its way through VHA concurrence process and was approved for implementation. On October 18, 2013, the Sioux Falls Privacy Officer began executing the communication plan. He requested the Administrative Officer for Primary Care to prepare a mailing list to send Veterans letters of notification. The names were entered into an Excel spreadsheet and some of the names on the list were identified as duplicates. When duplicate names were removed from the list, the number of names on the list dropped to 498. This new information was communicated to the NSOC-IRT by the facility privacy officer. It was at this time the privacy officer was advised by NSOC IRT that the public notice (news release) was not needed. However, IRT said the requirement to notify HSS would need to remain in the plan. The Communication plan was modified accordingly and information was shared with VHA.