In 2021, the names and vaccination statuses of approximately 500,000 employees were disclosed without permission when a spreadsheet containing the information was sent to various members of Veterans Health Administration senior leadership.
“Upon internal review, the VA agrees that the information contained in these documents should not have been placed on SharePoint without appropriate access permissions and this incident resulted in the inadvertent or unauthorized transmissions or disclosure of sensitive personal information,” said Jessica Bonjorni, chief of human capital management for the VA.
Under HIPAA, regulated entities are prohibited from disclosing an individual’s protected health information, which includes COVID-19 vaccination status.
The VA removed the spreadsheet containing employees’ medical information following the internal investigation by the VA’s Data Breach Response Service.
