Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
Rocky Mountain Network (VISN 19)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on August 15, 2012. Also cited in 133 other reports.
Report ID: SPE000000079224, U.S. Department of Veterans Affairs
Reported Entity: VISN 19 Salt Lake City, UT
Issue:
A VA employee was cleaning out file cabinets and inadvertently threw away, in a housekeeping bin, a folder that contained patient information, i.e., all demographics, medications, test results. This bin was found on an unsecured loading dock. The patient information found was not for any of the VA Salt Lake City's patients. The dates of birth of at least 5 of these patients are in the 1920's to 1930's. The information at risk included names, addresses, dates of birth, full SSNs and medication information. Update: 8/15/12 This incident was reported to the Associate Director of Quality Management, the Chief of Staff and the employee's immediate Supervisor. The employee is going through this bin paper by paper to ensure that there is no more patient information to be found. These patients have not been seen at the VA Salt Lake City Health Care System. By the addresses, it looks like these might be Boise, Idaho patients, since this employee had worked there back in the 1980's to the 1990's. 08/16/12: The Information Security Officer (ISO) was unable to determine how long the information was the unsecured on the loading dock, because the provider had placed the bin in a locked room in another department and the ISO was unable to find out when this department put it out on the loading dock. The loading dock is accessible to anyone. There is no cameras in the area where the bin was located. Out of the 9 patients whose information was in the bin only one is still living. The Privacy Officer (PO) at the Boise, Idaho VA confirmed that 4 of these patients were deceased and the ISO was able to determine the other 4 were also deceased. 08/22/12: One Patient will receive a letter offering credit protection services.
Outcome:
Employee was given a written counseling - Credit Monitoring Letter was sent on 8/31/12 - a redacted copy has been uploaded.