Dedicated to providing the latest
HIPAA compliance news

VA Data Breaches Fell Dramatically in August

Share this article on:

The VA Information Security Report usually makes for unpleasant reading, oftentimes detailing numerous mis-mailings, mis-handling accidents, lost PIV cards, and lost and stolen devices; however the data breach figures for August are surprisingly low, with considerably fewer records exposed than in previous months.

The number of veterans’ records exposed in July were half that of June, and the reduction has continued in August, with the VA data security report indicating just 431 veteran records were exposed. 127 breach notification letters were sent, and 304 individuals were offered credit protection services to mitigate the risk of harm. August has therefore been the best month for the VA since March 2015.

Victims of VA Data Breaches in 2015

 

Month Veteran Records Exposed
January 310
February 891
March 383
April 987
May 1018
June 2076
July 1031
August 431

 

Average number of records exposed per month: 890
Total number of veterans affected in 2015: 7,127

 

VA Data Breaches Continue to Fall

 

The total number of lost PIV cards reported for the month of August was 117: The lowest number reported since November 2014.

Pharmacy mis-mailings are relatively rare, with just a handful of mis-mailed items reported each month. It would appear that extra care has been taken in August, as remarkably, only one error was made out of 6,811,826 mailings. This is a significant reduction over the past three months, where pharmacy mis-mailings had risen into the twenties.

Mishandling incidents are also significantly down. For the past six months, mishandled incidents per month have gone into three figures. In August, the number fell to just 84. The VA has not reported such low figures since November 2014.

The number of lost devices also decreased, falling from 56 in July to 47 in August. The average number of lost devices per month for the last 9 months is 54. However, mis-mailing incidents have remained similar to past months, with 148 incidents reported in August.

Many of the security incidents detailed in the report follow a similar pattern to previous months, and typically involve patient A being sent information relating to patient B.

However, serious data security failures have been discovered in the VA Capitol Health Care Network (VISN 5). VISN 5 serves veterans from areas within Maryland, the District of Columbia, and sections of Virginia, West Virginia, and Pennsylvania.

The VA lists the results of an Information Resources Management (IRM) Service Delivery and Engineering (SDE) wall to wall inventory conducted by VISN5, which revealed that 49 items of electrical equipment were missing as of August 10, 2015. These items included 2 laptops, 7 network servers, 3 computer workstations, 2 tablets, 12 network switches and 23 other items of computer equipment such as printers, scanners and computer monitors.

However, 8 days later, after a thorough investigation, the number of missing items was reduced to 29; a much improved figure, but still unacceptably high. It may not always be possible to prevent equipment theft, but it is essential to maintain an accurate inventory and to keep track of all electronic equipment used to store PHI.

Following on from the loss or misplacing of equipment, facility staff have been instructed by the VA to maintain more accurate records of all electronic equipment, and to implement policies and procedures to ensure that all equipment issued to staff is properly protected. Steps must also be taken by VISN 5 to prevent further loss and theft of equipment.

Author: HIPAA Journal

HIPAA Journal provides the most comprehensive coverage of HIPAA news anywhere online, in addition to independent advice about HIPAA compliance and the best practices to adopt to avoid data breaches, HIPAA violations and regulatory fines.

Share This Post On