Potential VA PHI Breach Impacts 1,000 Oregon Veterans

Share this article on:

This week, the Oregon Department of Veterans’ Affairs announced it suffered a major privacy breach that could impact 967 Oregon veterans.

Copies of DD 214 forms are believed to be in the possession of an unauthorized individual. The DD 214 form is a Certificate of Release or Discharge from Active Duty and contains veterans’ full names, addresses, dates of birth, and Social Security numbers. Data which could potentially be used to steal the identities of veterans and commit fraud.

It is not clear at this stage how the individual came to be in possession of the documents, or the reason why that information was taken. According to a statement released by an ODVA spokesperson, there is no reason to suggest that any of the data have been used inappropriately. However, “ODVA is treating this compromise with critical importance.”

In order to protect affected veterans from identity theft and fraud, affected veterans have been offered a year of credit monitoring services without charge and notifications of the breach have now been mailed.

In order to prevent similar privacy incidents from occurring, ODVA Director Cameron Smith has requested a review of internal policies and procedures. Based on the results of that review, policies will be altered to better protect the privacy of Oregon veterans in the future.

A Bad Week for the Dept. of Veterans’ Affairs

The VA also made the news this week after a ProPublica investigation of PHI breaches shows the Department of Veterans’ Affairs tops the list for complaints made for privacy violations. The VA is the most persistent HIPAA offender and consistently and repeated violates HIPAA Rules.

The ProPublica report cites one case when a VA employee accessed the medical records of her ex-husband 260 times before the privacy violations were discovered. Another case involved the unauthorized accessing of a veteran’s records on 61 occasions by a VA employee who also posted the information on Facebook. Despite numerous instances of privacy violations, many of which are serious, little action appears to be taken against the VA by regulatory bodies.

A Bad Quarter for the Dept. of Veterans’ Affairs

Each month the Department of Veteran Affairs sends a report to congress detailing veterans’ privacy violations. Numerous mis-mailing and mishandling incidents occur each month, and many PIV cards and devices containing veterans’ PHI are lost. In November, 693 veterans had their PHI exposed as a result of theft of devices and mistakes made by VA staff. In October, 648 veterans were affected by privacy breaches. The latest incident ensures that December’s figures will be worse still, and that the upward trend in privacy violations will continue.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.

Share This Post On