This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.

Phoenix VA Health Care System

PHOENIX AZ - 644

Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on August 28, 2013. Also cited in 102 other reports.


Report ID: PSETS0000093945, U.S. Department of Veterans Affairs

Reported Entity: PHOENIX AZ - 644

Issue:

On 07/30/13, the central coordinating center for a multi-site VA study governed by the VA Central Institutional Review Board (CIRB) contacted the local site Research Coordinator to request re-faxing of consent form and HIPAA Authorization for one subject consented 03/19/13, because the central coordinating center did not have copies of those documents. The local site coordinator searched other study documents and research spaces thoroughly and did not find the two missing documents. At that time the deviation was reported to CIRB. Because the deviation was reported to CIRB, local Research Privacy Officer (PO) was not notified at that time. Research PO was notified by Research Leadership on 08/28/13 when CIRB response to the deviation report was received.

Outcome:

09/03/13: The CIRB did request that the study obtain new forms retroactively, and that was accomplished. The timeline is as follows: On 7/30/13 the study reported the deviation to the CIRB. CIRB reviewed the deviation report on 08/06/13. CIRB requested more information from the study and have not yet reached a final determination. The CIRB wanted 1) the study to state whether they had any records that clearly showed the subject had signed the ICF and HIPAA Authorization in the first place on 03/19/13, and 2) for the study to inform the CIRB when the subject was re-consented and signed a new ICF and HIPAA Authorization. The subject was re-consented and a new written ICF and HIPAA Authorization were obtained on 08/14/13. The study team was unable to find any copies of the original 03/19/13 ICF and HIPAA Authorization, but the PO considers it highly unlikely from the study's procedures that the forms were not obtained prior to the blood draw. The sole study visit consists of obtaining written consent and authorization (which is the majority of the visit), photocopying the documents to give the subject copies, then doing the blood draw, with only one subject and the Research Coordinator in the same room the whole time, except when the Coordinator steps out to make the photocopies. I do believe the original documents from 03/19/13 existed and were lost. The exact point of loss was impossible to establish. The Veteran will receive a HIPAA letter of notification.

Do you believe your privacy has been violated? Here’s what you can do: