Lebanon VA Privacy Act Violation

Veterans Affairs Admits To HIPAA Violation Of 993 Elderly Veterans

The Lebanon VA Medical Center just admitted to a massive HIPAA violation where the private health information belonging to 993 elderly veterans was unlawfully released.

The announcement of the unlawful release of private information occurred in November 2018. The information was allegedly released only to one family member of a veteran inadvertently by a VA official. A HIPAA violation generally occurs when private health information is shared with someone who is unauthorized to possess or access that information.

Private Information Released

The VA privacy officer at the facility, Tonya Hromco, provided specific details about the release and the extent of the information improperly shared about elderly veterans.

“A historical listing of Veterans who were residents of nursing homes was inadvertently e-mailed to the family member of a veteran who was exploring nursing home placement options and had requested a listing of nursing home facilities that work with VA. The erroneously e-mailed list included Veterans’ names, abbreviated social security numbers, diagnoses, the nursing home where the Veteran was admitted and service-connection disability rating percentages, if applicable.

“Lebanon VA Medical Center and our employees take our responsibility to protect patient information very seriously. Along with assistance from national offices, we immediately investigated this inadvertent, unauthorized release of information which occurred in late November,” said Tonya Hromco, Lebanon VA privacy officer. “We regret any release of unauthorized information and notifications to those impacted were made as required.”

VA has a long history of problems protecting private health information belonging to veterans. In one instance, a former VA employee was caught unlawfully accessing private health information to sell that data as part of a fraud scheme.

VA Regrets HIPAA Violation

VA spokesperson Doug Etter for Lebanon VA said the agency regrets the incident.

“It’s an isolated incident,” Etter said. “It’s an incident that we regret.”

“I think it’s important for people to know that the list did not include the date of birth of any of the veterans,” Etter said in an attempt to seemingly downplay the importance of releasing name, diagnosis, disability rating, and other related private health information.

“We want to be open, honest, transparent,” Etter said. “We have nothing to hide. We made a mistake, we’ve owned up to it and we’ve promised to correct that mistake and not let it happen again.”

VA is supposedly taking steps to make sure additional privacy breaches do not occur in the future.

“We’ve put certain measures in place that are systemic to prevent it, to prevent the human error,” Etter said. “So all of these files are no longer what we call rolling or historic files. They’re also encrypted and restricted. So only a very few number of people can have access to these files. Finally, members of the Department are not allowed to send attachments along with emails.”

Appropriate Protections Implemented

“Our principle concern is for the safety and well-being of our Veterans and protecting their information,” said Robert W. Callahan Jr., medical center director. “A review of the incident was initiated and appropriate measures both in the section where this occurred and throughout the facility have been implemented to prevent future occurrences.”

VA claims it notified all veterans or family members of those affected by the Privacy Act and HIPAA violation. Those affected who may not have received notification of the violation should call the privacy officer at 1-800-409-8771, ext. 4614 or ext. 5413.

Lebanon VA is located in Pennsylvania Dutch country. The facility has been in operation for over 70 years. It is regionally within the agency’s VISN 4, which includes other facilities located in Philadelphia, Coatesville, Wilkes-Barre, Altoona, Pittsburgh, Butler, and Erie in Pennsylvania, as well as Wilmington, Delaware.

Similar Posts


  1. There are HIPAA violations everywhere and don’t need to look, what happens when you don’t care. They almost killed me with their bullshit. I hope close all up and lose job where do zero, civilian hospitals don’t have nearly as many games and don’t care who you are

  2. If you want a real eye-opener, request a copy of your claims file from your VA regional office. When we got my husband’s copy, we found medical information on four different veterans in his file. Two of the veterans were women. It makes you wonder if my husband’s information may have been misfiled in someone else’s file. This was significant because he was in the middle of an appeal at the Court if Appeals for Veterans Claims. We notified the Court and the VA General Counsel’s office about the error. We also contacted the privacy officer at the local VAMC, and never heard another word. We were also mailed copies of a veteran’s medical files with the same last name as ours and who lived in another part of the same state. This is a common occurrence. There is no accountability that I can see for HIPAA violations like this.

  3. Off topic? Hell that’s where the bastards should have court. Or what happened To the one security guy who had vets in vt,nh,Maine,mass,ri, and conn, info on his laptop that went to montreal, in Canada! and decided to park in the open with laptop on the seat and then go clubin. Just imagine what happened when he got home (back in the states) and HIS laptop wasn’t. there too. OH MYBAD! Noworries guys its all good! Got a good password?

  4. Off Topic but Veterans lose again ,Just read this story at NPR: Veterans Claiming Illness From Burn Pits Lose Court Fight.
    We are the battle.

  5. “H.I.P.P.A. Violations” in VA-Speak is dangerously close to “HIPPO Violations”, which in an ironic twist, are one and the same.

    *utilized in a sentence*
    “The Hippo at the VA violated your HIPPA.

  6. I’ll bet there are many examples of HIPPA Violations occurring weekly, if not daily, at VHA’s nationwide.
    I know it happened to me, along with my wife, about two years ago!
    Did anything happen to the perpetrators? No! They were just transferred to another VHA healthcare facility!

    1. Not if they were PERSONALLY sued in the jurisdiction where the offense was committed, As I have said before, only a SLEW of lawsuits will resolve the problems of the VA/VHA giving a rat’s behind.

  7. Veterans who read this do why The Whitehouse does not to much for Veterans it’s because only 2 percent are Veterans.

  8. You broke the rules or laws. A mistake is a mistake and you are responsible and have to own it.

    Honest mistake. I left a surgical knife in the stomach of 1 patient, my Bad, it was an honest mistake. And the veteran whined.

    Typical va making up excuses and then blaming the veterans.

    We promise, we take this very seriously !

    Seriously ? Does Seriously mean ! Honest Mistake and the veterans are just cry babies. Just because their information was illegally released.

    Yes, pat your Chest and say it’s ok, my bad ! Sorry but this is not a game. Your insulting veterans calling them whiners.

    So are all the employees who harm veterans Just making Honest mistakes and the veterans just whine and the employee should be patted on the back and told dont worry about it.

    So what you released information you should have not released. It was not your fault.

    Over 400 thousand veterans disability claims in appeals. So at least 400 thousand veterans say an employee made a Honest mistake ?.

    Remember some people pay attention and can see right through what you are really saying.

    Protect the employees and the Hell with what this type of Honest mistake could do to those veterans.

    1. Truth! My sister is an RN at the Van Zandt VA Hospital in Altoona, PA. My Vietnam vet husband and I discovered she violated HPPA privacy laws when she shared his medical records with other family members (who haves “shunned “ us now for over a year.) We reported the violation to the VA. An investigation revealed that she had indeed violated his privacy. She told the VA she was “sorry” and it wouldn’t happen again. The VA apologized to us. Our family has been completely destroyed. The VA is a treacherous joke.

  9. It seems to me, based solely on the information provided above, that this named employee is guilty of making an honest mistake, and has been deliberately put on display for gratuitous humiliation toward one of their own.
    So, the VA/VHA in all of their CYA tactics decided that putting this person on blast for making such a mistake (and publicly invoking this one and only time, the HIPAA regs) will somehow what, show Joe Average that they are on the ball when looking for even the most innocent of errors? And that in turn, makes every item of flagrant disregard by VA/VHA concerning sc veteran’s health care and any/all of those related HIPAA violations, to be treated as what, just vet whining and extreme measures enforced to ignore same?
    “We want to be open, honest, transparent,” Etter said. “We have nothing to hide. We made a mistake, we’ve owned up to it and we’ve promised to correct that mistake and not let it happen again.” R-iiii-ght!

    1. I wrote a piece concerning those so-called laws but no-one out there to enforce them. Don’t know if I am being censored, moderated or what today. Try to do a re-post and it says I have ‘already posted the comment.’ Not getting up-dates either. Wasted enough time on it. But I think the issue is more rampant than reported.

    2. @T,
      I agree. We know that this is a rampant type of issue, the problem is that Uncle won’t let the truth be told to the public at large! Unless of course, “they” can spin the story in their favor.
      There is a lot of information missing in the article such as length of time of this employee on that software, in that job position, and how often the nursing home referrals have ever been requested. Granted, the disclosure of nearly 1000 veterans private information should have sparked a question mark from the employee at the onset of the document. Also, this article does not indicate whether this incident was a deliberate action by the employee.
      My beef is the VA/VHA putting this event out to press in a way that would have Joe Average think that VA/VHA has this iron-fisted reaction toward all HIPAA misdeeds committed by their employees regardless whether deliberate or by accident. The sheer number of those violated is IMO the only reason behind the release of this story and allowed by VA/VHA for the press. If VA/VHA took even a scant glance at the many very serious HIPAA violations that veterans have discussed only on Ben’s site, then the example used in today’s topic could be taken in a different context. It is disingenuous to blatantly ignore those violated veterans having singular or few to report of their own situations.

      1. It’s long but have to put this out in increments just to get it out of me. Also since Indiana is one well oiled corrupt machine to the core.

        Another great article about VA BS, so-called “laws,” all the excuses, “sorry,” etc. Same old line of crap from those in power positions. I’d imagine the number of those harmed are just a drop in the bucket. Especially considering the issues being nation wide. And in some states that are totally censored or assure nothing negative comes out. Bad for business.

        Another issue I’ve bitched about and told by some… “yes we are getting hundreds of calls about this. “Yes people have been fired over this.” Blah blah. Run the gamut and game for some justice to be told to make all the calls back to the same or phony referrals back to step one to be told… ‘we are totally unaware of any such issues, no complaints have been noted in our office.” Total BS.

        Pity the liars, hypocrites, phony, un-ethical, All, the corrupt aren’t called out on a state by state – town by town or county by county open forum for complaints about this and corruption. Now they supposedly have “privacy officers?” It was years before I was notified, or known of, that locally each clinic/team had their very own patient advocate teams besides those whose smiling faces shown in atrium’s walls for any issues with the VA or care. Then when the corruption and cover-ups got serious those in the nice photo ops passed our questions or complaints to the “team’s PAs” or some phony “triage telephone complaint/care system.” Then claim there is no such a thing.

        “Fraud” how about their uses of any info they can get on us for their civy, VA, union, activist, associations, or political attack dogs? Goes beyond mere ‘fraud.’
        2 B Con’t.

      2. (2)
        One side of the large signs I carry for all to see in my vehicle is about HIPPA, civil rights to Indiana’s violations of the Dis Act of 1970. Who cares? No one. They all ignore the issues, pass the buck to no end, want video proof of any abuses, or is protected between the VA and civilian care including the medical boards, bottom feeding state’s AG… et al. And don’t waste any time trying to use senators, hospital directors/CEOs, congress critters, human relations tax dollar wasted office, or some agency. On top of that they all want or demand… more forms/releases to be signed over for them to access any or all of any files about us for more info on us or for phony investigations. Or be told not to bother more than one politician/agency or office with complaints since it will create chaos or problems for any investigations going on… which never really happen to begin with. OH and besides being told by smart ass secretary/wenches that nothing is private today. “Like we have your private phone number right now on our phone ID system.” Then proceed to block us from contacts with their bosses, MDs, CEOs, or whomever.

        Now imagine the number of strangers/cliques/activist/staffers or employees we are supposed to trust with our files, investigations, or info. How many union/associated/cliques/activist and the political hacktivist are in the pictures. As we sign more release forms after being told by many their office can and will help. Yeah right until they all circle their wagons to protect some segment of “their own.” The same people that can, do, and will mess or delete things in our files let alone spread some info around for the kicks, or to show their powers and how they can get by with some things to being immune from real investigations or firing.

      3. Let’s not forget all those background, credit, legal, pharmacy, and medical checks that are required today for care or some stupid reason. Privacy? Especially all those required after walking away from the VA trash system of death and despair for many.

        My info has been passed around town like candy. The game of ‘identity politics’ in college strong towns. Health care, councils, utility/union activist, shhhh secret societies crap. Not one person wanted to hear some of my phone recordings or what happens when out and about, or mentioned to me in passing by some stranger. Same goes for all the harassing calls from a local civy hospital/associated out clinics, from several inner clinics there and stations from registration, PCP, to surgery playing the VA-like game and making health care near impossible locally. The refusals to get me copies of my own VA files they got plus what the lying civy hospital and clinic has used, toyed with doing the same thing the VA and local MD offices have done? Plus all the “gas-lighting,” scorn of females in the “Women’s March” stuff, political enemies, those with connections to the local VA and all their cliques, unions, associations, to the college Greek/sorority protecting their own shit. Never getting the chance or opportunity to get audience from any power-brokers from the medical fields, mayors, media, or politicians including the VSOs turning away and bowing down to all the all-mighty filth and corrupted. Can’t get passed by all the lying corrupt trash out there put in position to play their games and insulate the ones “at the top” and those being protected seemingly by the entire state and connected.

        One example; Several surgeries, special made dentures, broken/shattered jaw,and no-where is any of it VA or civy any info or xrays about it to be found in any files. Just cover-ups, file manipulation or omissions along with an array of other issues. Laws? Protections? AG, no attorneys want involved. “Professional courtesy” to allow others run rampant, corrupt, malevolently, intentionally, till death need be, over our lives. No help from senators, media, Larry Bucheon the doctor and congress critter or from DC.

        Sorry for the length but some things need openly known and discussed and can’t be made short. And I am a wordy writing guy. Diogenes is still hunting for one honest person in Indiana. What law suits when all seem in cahoots with each other? Protecting each other in or out of the court rooms.

Comments are closed.