This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.

VA Southeast Network (VISN 7)

VISN 07 Tuscaloosa, AL

Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on October 10, 2011. Also cited in 225 other reports.


Report ID: SPE000000067571, U.S. Department of Veterans Affairs

Reported Entity: VISN 07 Tuscaloosa, AL

Issue:

The Privacy Officer was notified that a Veteran from the Psychosocial Residential Rehabilitation Treatment Program (PRRTP) was in the Veterans' Cyber Cafe using a computer and discovered approximately 10-12 sheets of paper lying face down across the corner of the printer. The Veteran picked them up, noted they were lists of inpatient Veterans with full SSNs, dates of admission, diagnoses, and ages. He stated he saw his own name and knew that he needed to let someone know he had found these papers. The Veteran returned to his unit and turned in the papers in to the LPN on duty. Update: 10/17/11: Two hundred ten Veterans will be sent letters offering credit protection services due to full name and full SSN being exposed. Nine next-of-kin notifications will be sent on behalf of the nine of the affected Veterans who are deceased. 11/01/11: The investigation by the PO is complete. The letters are in review and awaiting signature. The letters will start going out this week. Here are several recommendations made by the PO: *The immediate supervisor to provide a copy of the Local Privacy Policy's attachment "Clean Desk Policy" to the VA employee and to obtain a signature indicating the receipt and acknowledgement of the policy's attachment that covers safeguards and protection of all veteran sensitive information. *Encourage not creating any paper documents if at all possible for assigning Medical Record Review (MRR).

Outcome:

Remedy: Human Resources Management Services has been consulted for the appropriate level of disciplinary action regarding the VA employee. Additional training has been provided to the staff regarding securing PHI/PII was completed with signatures acknowledging the staff\xe2\x80\x99s understanding pertaining to sensitive patient information.

Do you believe your privacy has been violated? Here’s what you can do: