Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Healthcare System (VISN 10)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on March 21, 2011. Also cited in 119 other reports.
Report ID: SPE000000059843, U.S. Department of Veterans Affairs
Reported Entity: VISN 10 Columbus, OH
Issue:
The Privacy Officer (PO) was contacted by a facility employee who said that a patient/Veteran (Veteran A) she was working with today told her that he had received copies of another Veteran's (Veteran B) medical records (cardiology) mixed in with his records when he requested copies of his medical records from a "sister VAMC" in our VISN. He requested that PO contact him. The PO called him back and Veteran A says he and Veteran B have the same last name. He said he was not going to give back the records until the VA "negotiated" with him about his medical problems. The PO stated she would need to contact a VA attorney on this. Veteran A was polite but stated that unless he hears from someone and something is done about his issues, he will contact his Congressman or "go public" about the records mix-up. Update: 03/22/11:The records of Veteran B included full SSN and medical information. Veteran B will be sent a letter offering credit protection services.
Outcome:
All staff who release information by virtue of their position have been notified to look carefully at records they are releasing especially at full name and not just last name and other identifiers prior to releasing. Credit monitoring letter mailed to patient whose information was inappropriately disclosed. Letter going to patient who received the information incorrectly requesting that it be returned; an SF 95 is also being sent to this same patient as he has treatment concerns.