Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Healthcare - VISN 4 (VISN 4)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on May 22, 2012. Also cited in 239 other reports.
Report ID: SPE000000075836, U.S. Department of Veterans Affairs
Reported Entity: VISN 04 Pittsburgh, PA
Issue:
The VA Police reported an incident regarding a suspicious vehicle on VA property at 9:45 PM. The VA Police discovered a VA employee who was attempting to move boxes of documents that contained personally identifiable information (PII) and/or protected health information (PHI) from a loading dock. The employee indicated that she was in the process of moving from one VA campus to another campus, and there were 4 boxes of documents that she needed to move regarding a current project the employee was working on at home. The VA Police took custody of the documents due to the time of day, suspicious activity, and information contained in the documents. The documents are currently secured in the VA Police vault. The Privacy Officer (PO) and VA Police are investigating this incident and gathering more information at this time. Update: 05/25/12: The investigation is still ongoing with VA Police. The Privacy Officer (PO) was provided the documents that the VA Police had confiscated. An inventory was conducted and the PO discovered 4 documents that contained the name and SSN of 2 individuals and the documents were over 20 years old. The rest of the documents did not contain any PII or PHI. The supervisor reported that the employee did not have permission to take VA data offsite nor did the employee have permission to work at home. An interview will be scheduled with the employee to address many questions, however it has been reported that the employee has not reported to duty since the incident occurred due to medical issues. As soon as the employee does report to duty the supervisor has been advised to contact the PO and the VA Police so that an interview can be conducted, and the investigation can move forward. 06/06/12: Two (2) Patients will received letters offering credit protection services.
Outcome:
This VA employee was in clear violation of VA Privacy Policies. A violation memo is being prepared and will be routed to the service line VP, and HR employee/labor relations for further administrative action.