Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
South Central VA Health Care Network (VISN 16)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on January 14, 2013. Also cited in 317 other reports.
Report ID: PSETS0000084641, U.S. Department of Veterans Affairs
Reported Entity: VISN 16 Little Rock, AR
Issue:
A discussion in an Institutional Review Board (IRB) meeting revealed a privacy violation regarding recruitment. The facility doesn't know how many Veterans' records were accessed, nor how many Veterans' Protected Health Information (PHI) was collected/used in the recruitment activities. Also, the language of the combined consent did not have all the necessary HIPAA elements. Additional information has been requested from the Principal Investigator (PI). The IRB voted to suspend the study on 01/09/13. Update: 01/22/13: The Research Compliance Officer sent the report to the Office of Research Oversight (ORO)). They are reviewing documents and will provide a formal response according to the email sent on 01/18/13. The audit has not been conducted but as soon as results are available, the Privacy Officer (PO) will update the ticket. 02/14/13: The IRB discussed this on 02/13/13. Two hundred eighty four Veteran records were accessed without appropriate informed consent (IFC) or HIPAA authorizations and without appropriate ICF and HIPAA waivers. From these 284, PHI was collected and placed in the Records Management System (RMS). This was part of screening for enrollment into the study, and no authorizations/waivers for this PHI collection. Seventy five Veterans signed informed consent to particiapte in Randomized Clinical Trial (RTC) portion of the study. Of these 75, one has no IFC or HIPAA authorization on file. Forty of 75 signed appropriate HIPAA authorizations. Of the remaining 34 Veteran participants in the RTC group, none of them provided compliant HIPAA authorizations either due to refusal (2 were UAMS oversight), total lack of HIPAA authorization (24-West Haven oversight), or incomplete HIPAA language (9 CAVHS oversight) The IRB has made determinatoins that both facility and investigator were in serious and continuing non-compliance, and the study remains suspended at this time. 02/15/13: The Research Compliance Officer confirmed that all data has been securely stored within VA except for one informed consent form/HIPAA authorization that is missing. The one item missing does not contain the DoB or full SSN. 02/19/13: The DBCT discussed this on 02/19/13. The one Veteran with the missing authorization will be sent a notification letter.
Outcome:
Research Compliance Officer is working with the involved PI regarding issues with this study. Please see attached letter that went out 3 11 13 to the individuals who's consent could not be located in the audit... please close ticket