Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
Phoenix VA Health Care System
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on June 24, 2015. Also cited in 102 other reports.
Report ID: PSETS0000121295, U.S. Department of Veterans Affairs
Reported Entity: PHOENIX AZ - 644
Issue:
Today, 06/24/15, the Privacy Officer (PO) received a report of an unauthorized disclosure of personally identifiable information/protected health information (PII/PHI) to known multiple parties, including the next of Kin, AZ State Nursing Home, and EMS. Veteran A presented from the nursing home to ED on 06/07/15, reportedly with limited mental capability. The identity was verified with Veteran. Upon discharge, discharge documents were sent with Veteran for continuity of care and EMS. A follow-up voice message was later left for the veteran's wife, at the home residence listed. A subsequent follow-up letter was mailed to home residence listed. Today, the Outpatient Consult Department noticed that name did not match other identifiers. An investigation determined that Veterans 06/07/15 documentation was placed in a chart of another, same named Veteran, who was deceased. The root cause of the co-mingling of charts is due to lack of identity verification and caused the disclosure of deceased Veterans PII/PHI to 3 unintended parties. Additional notification and investigation, to ensue.
Outcome:
06/25/15: The Incident Resolution Service Team has determined that there was a policy violation. While there was an unauthorized access/disclosure of data, it has been determined that the incident has a low probability of a risk of compromise.