The Star Tribune published a report about an epic increase in privacy violations by Department of Veterans Affairs including sending vets’ records to the wrong place.
Reporter Mark Brunswick gave me a call a couple weeks ago to discuss the problem of privacy violations following exposure of a growing scandal first exposed by ProPublic. The news agency built a database to tally privacy violations nationwide.
VETERANS AFFAIRS IN MINNEAPOLIS
In his report, Brunswick decided to cover my own experience with VA carelessly sending my full Vocational Rehabilitation file to my old apartment address. En route, Fed Ex did the equivalent of Googling me to find my new address and decided to deliver the records (over 1,000 pages) to a place I lived at two years before rather than returning them to VA.
This resulted in me not receiving the files. When I informed VA of their mistake, they told me I would need to recover the records on my own by calling the police. When I called the police, they looked quite puzzled and left.
In the end, VA did nothing other than offer to provide one year of identity theft protection. Wooptie doo, right?
Brunswick included the story alongside his analysis of the numbers he found:
— “In 2013, one veteran opened his mail to discover a picture of the inside of another veteran’s colon, taken during the veteran’s colonoscopy at the St. Cloud VA. A nurse did not clear the camera to set up for the next patient and when the system printed the photos it included the veteran’s name, birth date, Social Security number and date of the procedure, along with the provider’s name.
— “In 2014, a former VA supervisor in Minneapolis called a retired VA employee and claimed she knew about his health problems from another VA supervisor.
— “In 2011, an employee of the Minneapolis VA snooped in the chart of a vet who had been in the news, even though it wasn’t part of the employee’s official duties. The worker admitted looking in the chart out of curiosity and was written up for disciplinary action. The following year, a research contract worker accessed the chart of another high-profile patient who was in the news.
— “In another 2011 case in Minneapolis, clerks in a clinic were overheard by a patient and his daughter discussing a veteran enrolled at the clinic who had been identified in the local news media after being charged with a crime.”
VA AND THE CONTRACTOR PROBLEM
VA claims the increase in reported instances is the result of better reporting systems. However, I suspect the involvement of contractors and lack of accountability when records are misplaced may be also contribute to the spike in privacy violations.
The agency is using government contractors like UPS and Fed Ex rather than using USPS. One problem with UPS is that it cannot deliver to PO Boxes. Fed Ex apparently uses a Googling feature that may result in the records being delivered to the wrong address. When a problem occurs, you cannot avail yourself to the Postmaster General for help. Here is my take on that via Brunswick’s article:
“Krause is also an attorney who often represents veterans in cases against the VA and has been a frequent critic of it in his blog, disabledveterans.org. Krause says the use of third-party contractors appears to contribute to confusion, as does a system, much of it paper-generated, that is not coordinated or automatically updated. A failure to hold workers accountable also likely adds to problems, he said.
“While HIPAA violations can carry economic penalties, it’s virtually impossible to sue the VA over other privacy breaches because a prospective plaintiff would need to prove real economic damage, Krause said.
“’They don’t have the same kind of fear of God like some normal Joe Schmo, where they are held personally accountable,’ Krause said of the VA. ‘These individuals in the federal government are above the law, and it’s the taxpayer that has to foot the bill every time there is a mistake.’”
Ever experience something like this?