Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
Tennessee Valley Healthcare System
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on June 3, 2015. Also cited in 104 other reports.
Report ID: PSETS0000120312, U.S. Department of Veterans Affairs
Reported Entity: NASHVILLE TN - 626
Issue:
On 06/02/15, while at a scheduled Dental appointment, Veteran A inquired to a VA Dental employee about why he would have received two appointment letters for a Compensation and Pension (C&P) Exam. Veteran A provided a copy of both appointment letters to the Dental employee and upon further discovery by the Dental employee, it was noted that one of the letters belonged to Veteran B. Veteran A stated that both letters were received in the mail in the same envelope and did not notice that one of the letters was addressed to Veteran B. The Dental employee kept the appointment letter belonging to Veteran B and provided it to the Privacy Officer (PO). Veteran Bs protected health information (PHI) that was listed on the appointment letter included his full name, address, last four digits of his SSN and pending C&P appointment information.
Outcome:
06/03/15: The Incident Resolution Service Team has determined that Veteran B will be sent a HIPAA notification letter due to Protected Health Information (PHI) being disclosed.