Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Midwest Health Care Network (VISN 23)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on November 18, 2011. Also cited in 183 other reports.
Report ID: SPE000000068806, U.S. Department of Veterans Affairs
Reported Entity: VISN 23 Omaha, NE
Issue:
A resident from an affiliate hospital had a logbook stolen out of his vehicle at the affiliate hospital. This logbook contained information on all patients he has seen in the Omaha VAMC Operating Room (OR) for the past 20 months, so he could track his procedures and types of anesthetics he used. The resident stated that he would either just write in the patient's age, case, procedure type, and anesthetic used (with no identifiers) or in some instances he took a patient's label with their full name, SSN, and DOB and stuck it in the log. He does not know what patients were in his log. Update: 11/21/11:The Police Report was filed by the affiliate hospital not VA. The resident also sees patients at 3 other private sector hospitals and he is notifying appropriate staff at those facilities since the logbook included all patients seen by him at all 4 facilities. 11/30/11:The Privacy Officer did a search of all the patients that the resident created an anesthesia report on and the number was 87. The 87 patients will receive a letter offering credit protection services.12/08/11:There were duplicate entries for some of the patients. The final number of patients offered credit protection is 74.
Outcome:
The resident received additional training regarding protecting personally identifiable information (PII) and protected health information (PHI).