Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Sunshine Healthcare Network (VISN 8)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on November 16, 2011. Also cited in 369 other reports.
Report ID: SPE000000068704, U.S. Department of Veterans Affairs
Reported Entity: VISN 08 Orlando, FL
Issue:
A VA employee in the Office of Worker's Compensation accidentally emailed Employee A's case summary sheet to Employee B, a staff nurse with the same first name as Employee A, both within the same building The case summary sheet was a PDF attachment in the email and the case worker was sending to Employee A for verification. When Employee B opened the email, she notified the case worker who in turn was advised to contact the Privacy Officer, which she did. Subsequent discussion revealed that the case worker had simply typed the intended recipient's first name, and accidently selected the wrong one during addressing. Additional discussion also revealed that the employee failed to encrypt the email as she normally does. Employee B has been advised to destroy/delete the errant email. Update: 11/16/11:Employee A will be sent a letter offering credit protection services.
Outcome:
Employee will re-sign Rules of Behavior. All other HR employees advised to double-check addressees before sending email.