Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
Northwest Network (VISN 20)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on October 17, 2011. Also cited in 208 other reports.
Report ID: SPE000000067761, U.S. Department of Veterans Affairs
Reported Entity: VISN 20 Seattle, WA
Issue:
A proximity card and a log book containing personally identifiable information (PII) and protected health information (PHI) were stolen from a VA Puget Sound Health Care System (VAPSHCS) doctor's vehicle while he was off VA property. There was approximately 50 patients' PII/PHI involved. Update: 10/18/11:The doctor did not have authorization to take to take documents with patients names off campus. The Information Security Officer (ISO) and Privacy Officer (PO) are investigating to see exactly what PII/PHI was involved and if the patients can be identified.10/25/11:The list of names on the log book is not known, but a list of potential names based on the residents schedule has been created. The patients' names, SSNs, and medical information were in the logbook. The residents are required to keep track of procedures, and have the authority to do so, but this included clinical information. The 59 patients whose names could have potentially been in the log book will be sent letters offering credit protection services.
Outcome:
VAPSHCS Privacy Office and Information Security Office have addressed the incident through the appropriate reporting mechanism. The VA Police are actively investigating. The Service Line Leadership is discussing implementation of procedural changes and training designed to reinforce privacy concerns associated with physician logs. The Chief of Staff directed the Assistant Chief of Staff (ACOS) for Education to immediately reinforce to all house staff that the recording of PII or PHI in case logs is strictly prohibited. This will also be communicated to all the Residency Program Directors at the academic affiliate. The investigation is ongoing.