By Patrick Ouellette

July 16, 2014 - On top of myriad public image issues it’s dealing with, the U.S. Department of Veteran Affairs (VA) is currently resolving two different patient privacy breaches in Minneapolis and Baltimore, respectively.

First, the recently-opened Shakopee Veterans Affairs outpatient clinic mistakenly included names and addresses belonging to a different veteran in letters to 500 other veterans. According to shakopeenews.com, the clinic inadvertently printed the veteran’s information on the backside of the letter. Shakopee Veterans Affairs serves 3,500 to 4,000 veterans.

The clinic added that it has alerted affected veteran patients. Minneapolis Health Care System Privacy Officer Kenneth Parsley told HealthITSecurity.com that he considered the incident a result of human error because there wasn’t a quality assurance check done prior to the letters being sent out. Additionally, Parsley said that though there was no protected health information (PHI) involved in the letters, it was considered a breach because of the VA Claims Confidentiality Statute, 38 U.S. Code § 5701. This assures the confidentiality of names and home addresses of all VA patients:

All files, records, reports, and other papers and documents pertaining to any claim under any of the laws administered by the Secretary and the names and addresses of present or former members of the Armed Forces, and their dependents, in the possession of the Department shall be confidential and privileged, and no disclosure thereof shall be made except as provided in this section.

Next, the VA’s Baltimore Regional Benefit Office is reporting that an employee inappropriately accessed thousands of patient claims documents. According to CBS Baltimore, the now-fired employee had the documents on their desk, some of which contained Social Security numbers. The office has since conducted personal audits for employees to determine the scope of inappropriate claim document access.