Investigation Reveals Rising VA Privacy Violations

The Department of Veterans Affairs is facing increasing scrutiny over more than 10,000 privacy violations and mistakes since 2011. A yearlong ProPublica investigation into privacy violations at various medical facilities reveals breaches ranging from mistakenly sending documents and prescriptions to the wrong people, to intentional snooping and theft of veterans’ and employees’ personal information.

According to the report, during a VA town hall meeting in Murfreesboro, Tennessee, on Aug. 19, 2014, Anthony McCann, announced that he had mistakenly received a 250-page copy of another veterans medical records.

“It had everything about him, and I could have done anything with it,” McCann said in an interview with ProPublica. McCann had received documents and records belonging to other veterans before, which he threw away after notifying the VA, he said.

This time he decided to voice the concern publicly.

When an official asked for the documents back, McCann refused, doubting the VA's ability to safeguard the material or make sure it ended up in the right hands.

“I don't trust them,” McCann said. “They don't do what they say they're going to do.”

From 2011 to 2014 the number of privacy violations reported per year nearly doubled, from 1,547 to 3,054. The VA’s associate deputy assistant secretary for privacy and records management, John Oswalt said the increase in complaints is less a result of a growing problem, but an indication that the VA has been successful in encouraging employees to report breaches in privacy.

According to ProPublica’s investigation, the VA’s Sunshine Healthcare Network, which includes Florida, Puerto Rico, and southern Georgia, has had more privacy incidents than any other region, racking up at least 370 in the last five years.

Additionally, the C.W. Bill Young VA Medical center in Bay Pines, Florida, had more privacy reports than any other facility, 112, to be exact.

“Nothing is more devastating and unconscionable than the misuse of power to subjugate legitimate complaints,” said Sen. Richard Blumenthal of Connecticut, the ranking Democrat on the Senate Committee on Veterans' Affairs.

“This is a problem that is widespread throughout the VA,” said Brandon Coleman, an addiction therapist with the Phoenix, Arizona, VA Health Care System who testified before the Senate that his private medical records were wrongfully accessed by a co-worker. “I realized right away that she had no right to be in there. She had never treated me and had nothing to do with my medical care.”

After Coleman came forward in December 2014 to the Office of Special Counsel, which handles whistleblower allegations for the VA, he was placed on administrative leave for allegedly threatening other employees, reports ProPublica.

While on leave, Coleman discovered that another administrative officer at the VA accessed his health files after he filed his complaint. Coleman said he was horrified and filed a complaint with the privacy officer at the Phoenix VA.

“They come up with ways to try to discredit you or say you are unfit for duty,” said Coleman, who is still on leave nearly a year later. “There is zero accountability.”

In a statement, the VA told ProPublica that it will not tolerate retaliation “against those who raise issues which may enable VA to better serve Veterans. … Complaints that VA receives from whistleblowers about inappropriate access to their health records are thoroughly investigated and appropriate actions are taken where warranted.”