Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA New England Healthcare System (VISN 1)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on July 8, 2011. Also cited in 204 other reports.
Report ID: SPE000000064562, U.S. Department of Veterans Affairs
Reported Entity: VISN 01 Boston, MA
Issue:
A health insurance form was mailed to a VA Fee Basis provider. It contained personally identifiable information (PII) and protected health information (PHI) including the Veteran's name, address, date of birth and full SSN. It was mailed to the wrong agency. The agency called and reported it to the Information Security Officer (ISO). Update: 07/19/11:The Privacy Officer (PO) completed the investigation into the incident and discovered that an employee in the Fee Basis unit mistakenly mailed two letters and corresponding claims forms which included the two patients' name, full SSN, DOB, etc. to a non-VA outside party. There are two individuals impacted by this incident. The PO will address the matter with Fee Basis Supervisor and attempt to identify the responsible party. The responsible party will be responsible to provide documentation of current completion of Privacy and Information Security training, have discussion with Fee Basis Supervisor and PO has requested that Supervisor send e-mail reminding all employees of the importance of verifying correct information on all outgoing documentation to avoid further issues.The two patients will receive a letter offering credit protection services.
Outcome:
PO completed investigation into the incident and discovered that employee in the Fee Basis unit mistakenly mailed letter and corresponding claims forms- which include patient name, full SSN, DOB, etc. to non-VA outside party. There are two individuals impacted by this incident. PO will address matter with Fee Basis Supervisor and attempt to identify responsible party. Responsible party will be responsible to provide documentation of current completion of Privacy and Information Security training, have discussion with Fee Basis supervisor and PO has requested that Supervisor send e-mail reminding all employees of the importance of verifying correct information on all outgoing documentation to avoid further issues.