25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

VA Privacy and Security Incidents Decreased in October

Posted By on Nov 22, 2015

The Department of Veteran Affairs’ October Information Security Report to congress makes for easier reading than last month’s report, when the personal information of 1,135 veterans were exposed in security incidents. VA privacy and security incidents decreased in October, with 648 veterans affected. Aside from August when just 431 records were exposed, this was the best month for the VA since March 2015.

453 veterans were reported to have had their Protected Health Information exposed as a result of VA privacy and security incidents last month. 285 incidents were serious enough to warrant credit protection services being offered to reduce the risk of harm or loss, and 363 beach notification letters were mailed to veterans.

VA Privacy and Security Incidents Reported in October

 

Security Incident October 2015 September 2015 Difference Percentage Inc/Dec
Lost/Stolen Devices 49 64 -15 -23.43%
Lost PIV Cards 158 134 +24 +17.91%
Mishandled Incidents 81 115 -34 -29.57%
Mis-Mailed Incidents 123 137 +14 -10.22%
Pharmacy Mis-Mailings 8 5 +3 +60%

 

The month saw a considerable reduction in the number of mishandling incidents, and also a sizable reduction in the number of mis-mailing incidents and lost/stolen devices; however, there was an increase in the number of lost PIV cards in October.  There were three more pharmacy mis-mailings reported in October than last month; although, since 7,119,592 pharmacy mailings were sent during the month of October the percentage of mis-mailed incidents was very low.

Each month, numerous privacy breaches are caused as a result of errors being made sending information to veterans. One veteran being accidentally given the PHI of another veteran. These common errors are promptly reported and only rarely result in any harm coming to the individuals concerned.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

However, this month a number of other privacy and security incidents were uncovered. VACO OI&T in Washington DC discovered it had lost 4 Blackberry devices, two laptops and an iPhone, each of which contained information on patients. The equipment audit also revealed a further 12 items of equipment were also found to be missing, although they were not capable of storing data. The phones were disabled remotely and the laptops were encrypted. It is not clear exactly when the phones were disabled and therefore the length of time PHI was potentially accessible.

A digital camera was reported missing by a Houston, TX nurse. The SD card in the camera contained images of patients’ wounds along with veterans’ last names and the last four digits of their Social Security numbers. Approximately 200 patients were affected by the equipment theft. Under normal circumstances the camera is stored in a locked cabinet, but the camera is understood to have been stolen from a preparatory room. To reduce the probability of data being exposed in similar incidents the staff has been instructed to remove the data from SD cards once information has been transferred to patients’ medical record files.

A serious breach affected 54 veterans in Chicago after a travel log was left on a bus by a driver. The list contained the full names and social security numbers of veterans. As a result of the exposure of their SSNs, all affected veterans were offered credit monitoring services.

Another incident was reported in October that affected 55 Chicago-based veterans. A binder was found by a visitor in an unsecured closet in a construction zone. The information in the binder included patient records dating back to 1991, from three separate hospitals. Credit monitoring services were offered to 17 patients who are still alive, while notifications have been issued to the next of kin of 38 deceased veterans.

In Wichita, KS, an unofficial logbook containing the PHI of 60 veterans was found in the street by an VA employee. The logbook contained patient names, dates of birth, addresses, lab information, and full social security numbers. The log book had apparently been kept by a primary case worker. A few days after the logbook was discovered, additional pages were located in the street detailing the same data elements of a further 7 individuals. All were offered credit monitoring services as a precaution against ID theft and fraud.

So far this year, the personal information of 8,910 veterans has been exposed in VA privacy and security incidents.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist