Email-Related Breach at Lebanon VA Medical Center Exposed the PHI of 1,000 Patients

Lebanon VA Medical Center based in Pennsylvania found out that the protected health information (PHI) of hundreds of seniors has been impermissibly disclosed to a veteran’s family member.

The privacy breach occurred when a member of Lebanon VA Medical Center’s staff sent the wrong document to a veteran’s family member in November 2018. A veteran was looking for nursing home establishments and wanted a list of nursing home facilities connected with the Department of Veteran Affairs. However, the list contained a list of past residents of nursing homes.

The disclosed information included the names of veterans, diagnostic information, service-connection disability rating percentages, abbreviated Social Security numbers and the nursing home of the veteran.

According to Lebanon VA privacy officer, Tonya Hromco, Lebanon VA Medical Center and all employees take very seriously the obligation to safeguard patient information. Upon discovery of the privacy breach, they immediately investigated the incident with the help of national offices.

The inadvertent, unauthorized disclosure of data last November was an isolated mistake. The medical center has already taken steps to minimize the likelihood of future errors. Additional safety measures were employed in the department where the error happened and in other facilities. Files that contain historic data are now encrypted and only certain individuals have access to those files. Technical safety measures were likewise implemented to prevent the sending of email attachments outside the department.

Lebanon VA Medical Center issued a press release stating the PHI of 993 persons had been impermissibly disclosed. The breach report to the HHS’ Office for Civil Rights’ indicates the breach could have affected up to 1,002 persons. The people affected by the breach have been sent breach notification letters.


Simple Guidelines
Immediate PDF Download

Immediate Access

Privacy Policy

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: