On January 16, 2019, Lebanon VA Medical Center submitted a HIPAA Email Breach to the U.S. Department of Health and Human Services (HHS).
Located in Lebanon, PA, the email breach potentially affected 1,002 individuals’ protected health information.
Lebanon VA Medical Center is classified as a Healthcare Provider.
According to a release on their website:
The U.S Department of Veterans Affairs’ Lebanon VA Medical Center has announced that an unauthorized release of medical information occurred at the facility in late November 2018 and assorted information of 993 Veterans was inadvertently released via e-mail to the family member of a Veteran.
A historical listing of Veterans who were residents of nursing homes was inadvertently e-mailed to the family member of a Veteran who was exploring nursing home placement options and had requested a listing of nursing home facilities that work with VA. The erroneously e-mailed list included Veterans’ names, abbreviated social security numbers, diagnoses, the nursing home where the Veteran was admitted and service-connection disability rating percentages, if applicable.
“Lebanon VA Medical Center and our employees take our responsibility to protect patient information very seriously. Along with assistance from national offices, we immediately investigated this inadvertent, unauthorized release of information which occurred in late November,” said Tonya Hromco, Lebanon VAMC privacy officer. “We regret any release of unauthorized information and notifications to those impacted were made as required.”
Veterans or family members, of those deceased that have been affected, are being notified by letter. Impacted Veterans with any concerns or questions can contact the facility’s privacy officer at 1-800-409-8771, ext. 4614 or ext. 5413, for assistance.
“Our principle concern is for the safety and well-being of our Veterans and protecting their information,” said Robert W. Callahan Jr., medical center director. “A review of the incident was initiated and appropriate measures both in the section where this occurred and throughout the facility have been implemented to prevent future occurrences.”
HHS Wall of Shame
The HHS Wall of Shame is a website under the jurisdiction of HHS that lists all HIPAA breaches reported within the last 24 months. The Wall of Shame displays breaches that are currently under investigation by the Office for Civil Rights.
As part of section 13402(e)(4) of the HITECH Act, the HHS Secretary must post a list of breaches of unsecured protected health information affecting 500 or more individuals.
HIPAA Breach Report
The Paubox HIPAA Breach Report analyzes breaches that affected 500 or more individuals as reported in the HHS Wall of Shame.