VA Privacy Breaches Rank Among the Worst
An investigation spanning a two-year period found that US Veterans Affairs (VA) department employees or contractors contributed to 14,215 privacy breaches affecting over 101,000 veterans at 167 VA facilities across the US.
The investigation, conducted by the Pittsburgh Tribune-Review, uncovered cases in which photos of veterans’ anatomy were posted to social media, cases of leaked credit card information, failure to encrypt data on stolen devices, unlawful disclosures of information or failure to secure consent, and numerous other types of violations, according to the newspaper.
One breach, reported by Healthcare IT News, occurred in January 2012 when the VA inadvertently posted personal information and the Social Security numbers of 2,200 veterans to Ancestry.com, following the mistaken release of data through the Freedom of Information Act.
Investigators found that, thus far, no monetary penalties have been levied as a result of these violations, and disciplinary action against violators has been minimal.
“No case related to the VA has resulted in a monetary settlement,” VA spokeswoman Rachel Seeger told the newspaper, adding that the agency “is looking concertedly at systemic issues throughout the VA system with respect to HIPAA compliance.”
In the private sector, however, the Department of Health and Human Services can charge healthcare providers, insurance plans, and contractors with firings and fines of up to $1.5 million and $25,000 for repeat violations per offense, the newspaper notes.