Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
Sierra Pacific Network (VISN 21)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on April 4, 2012. Also cited in 141 other reports.
Report ID: SPE000000073689, U.S. Department of Veterans Affairs
Reported Entity: VISN 21 Fresno, CA
Issue:
A Vendor who provides cardiovascular implants and who also participates in surgeries at this facility reported that his briefcase that contained his company laptop was stolen from his vehicle this morning. His laptop contained the CT scan images for two Patients, Patient A and Patient B. The Vendor advised that his laptop was password protected and that he had filed a report with the local municipal police. Also contained in the briefcase were implant graphs on paper that contained the two Patients' names only. Update: 04/05/12: Two Patients will receive a letter offering credit protection services and 2 Veterans will receive a notification letter. 04/09/12: ISO & PO communicated with company POC today via telephone and email. POC will confer with their IT department and verify what types of protection are utilized on their company laptops. POC will get back to ISO & PO with information on next working day.
Outcome:
Upon investigating this incident with the Vendor and Surgery Service, it was discovered that images for implants were provided to a vendor on a CD for review to allow the vendor to determine what cardiovascular implants might be required. The images were downloaded to the vendor's laptop and the disc returned to the VA. Following completion of the procedure the images were deleted. The vendor stated that encryption was used on the laptop but could not say what kind. The investigation provided the following findings: The Vendor was not required to take VA or VHA Mandatory training. The Vendor will be instructed to register in TMS and take Privacy and Information Security Awareness Training and Privacy and HIPAA Training. No images will be provided to the Vendor on CD. The Vendor will review any images with the Dr. at the VA facility prior to any procedures. The matter of no contract for the vendor's company will be researched to determine if a contract is required for this Vendor or if a BAA can be used to ensure compliance with VA regulations.