Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Southeast Network (VISN 7)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on March 14, 2011. Also cited in 225 other reports.
Report ID: SPE000000059531, U.S. Department of Veterans Affairs
Reported Entity: VISN 07 Augusta, GA
Issue:
Employee reported that he received an un-redacted copy of 2 patients' information in the copy of his disciplinary file that he picked up from HR. The information included the patients' full names, full SSN, DOB, provider names and active orders. The employee initially reported that only he had seen the information and that he had pulled it out the file before his wife picked it up that afternoon. Update: 03/21/11:There was additional patients' PII found by the employee's wife on the two patients noted. It was returned to the Privacy Officer. Since the patient's PII was out of VA control, those two patients will be offered credit protection services.
Outcome:
HR Specialist received guidance from PO on proper redaction, review, and release of information from files when processing request. The employee also completed additional privacy training and conducted privacy training for the Employee relations/Labor relations staff as a part of the section's staff meeting. Respiratory Therapist recommended for disciplinary action for not safeguarding the information from disclosure even after discovery.