Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Southeast Network (VISN 7)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on April 25, 2011. Also cited in 225 other reports.
Report ID: SPE000000061518, U.S. Department of Veterans Affairs
Reported Entity: VISN 07 Decatur, GA
Issue:
A Community Based Outpatient Clinic (CBOC) employee returned the completed Personal Identity Verification (PIV) applications of all staff at the CBOC in one privacy envelope. The CBOC Nurse Manager told all the employees where the envelope was and she left it out on a table in the clinic. When one of the staff members opened the envelope to retrieve her document, she noticed all the other employees' sensitive information was in there as well. The envelope was laid out on the table for approximately two hours. It is unknown if anyone may have opened the envelope since the room was not locked. The employee who found the envelope is very upset about the personal information being left out for anyone to access. The employee stated, "All applications were returned to the clinic in one envelope and not in a separate envelope like our paycheck stubs but one big envelope. I was able to go through the applications myself and pick out my application to use when I go to the main campus to have my picture taken. This is a violation of my privacy." The Privacy Officer (PO) requested an issue brief from the Clinical Service with an action plan and a list of the affected employees. Update: 04/25/11: The envelope was in an unlocked room off of a public hallway. The information included the employees' full SSNs. All 9 employees will be offered credit protection services. 4/26/11: This ticket was updated to reflect 13 employees were affected. Thirteen will receive a letter offering credit protection. NOTE: There were a total of 16 Mis-Handling incidents this reporting period. Because of repetition, the other 15 are not included in this report, but are included in the "Mis-Handling Incidents" count at the end of this report. In all incidents, Veterans will receive a notification letter and/or credit monitoring will be offered if appropriate.
Outcome:
Service has requested remote access for staff conducting the workflow. This process has gone to a new electronic process. All employees have been oriented to new process.