Anthony McCann accidentally had another veteran’s private information delivered straight to his home twice. The first time, he contacted the VA and called it a day. The second time, he took the documents to a town hall meeting with his local VA director.
“I got 256 pages of another person’s extremely confidential, extremely explicit mental health records,” McCann said, waving the folder in front of an entire panel of VA employees. He then refused to return them on the grounds that the VA could not be trusted to safeguard the data.
McCann is not far off base when he says he can’t trust the VA, but his story is actually one example in a sea of shocking privacy violations.
A ProPublica analysis of VA data shows that 10,000 violations–ranging from accidentally sending documents to the wrong person to outright stealing data from VA servers–have taken place since 2011. From 2011 to 2014, the amount of privacy violations per year doubled from 1,547 to 3,054.
Most VA privacy violations are intentional attempts to snoop in a veteran’s medical records to find damning personal information. Brandon Coleman, a military veteran and VA whistleblower who was mocked at a recent Halloween party, had his medical records accessed by a supervisor after he started speaking out about corruption in the Phoenix VA Hospital.
“They come up with ways to try to discredit you or say you are unfit for duty,” said Coleman. “There is zero accountability.”
His information was compromised in order to pressure Coleman to stay quiet. Other employees broke into VA files to achieve more petty ends.
Other examples include:
– A nurse who told a patient’s family and ex-boyfriend that she was pregnant before the patient had a chance to tell anyone.
– A VA employee who dove into her estranged husband’s records so she could leverage his mental health information during a divorce.
– A male VA employee looking at the records of female veterans he wanted to date.
– A doctor mixing up two patients’ colonoscopy photographs.
– A nurse giving a patient the wrong placenta.
– A PA taking “funny” photos of a patient in the middle of surgery and then posting them online.
You can explore the thousands of privacy violation reports using ProPublica’s HIPAA Helper.