When Anthony McCann opened a thick manila envelope from the Department of Veterans Affairs last year, he expected to find his own medical records inside.
Instead, he found over 250 pages of deeply revealing personal information on another veteran’s mental health.
“It had everything about him, and I could have done anything with it,” McCann said in an interview.
It wasn’t the first time McCann had received another veteran’s medical records. In the past, he informed the VA, then threw away the misdirected documents. This time, after failing to make contact with the other veteran on his own, McCann took the documents to a town hall meeting held by the director of the VA’s Tennessee Valley Healthcare System.
When the floor opened for questions, McCann was the first to raise his hand.
“I got 256 pages of another person’s extremely confidential, extremely explicit mental health records,” he said, waving the documents in his hands, an exchange captured by local media. When an official asked for the documents back, McCann refused, doubting the VA’s ability to safeguard the material or make sure it ended up in the right hands. “I don’t trust them,” McCann told ProPublica. “They don’t do what they say they’re going to do.”
Employees and contractors at VA medical centers, clinics, pharmacies and benefit centers commit thousands of privacy violations each year and have racked up more than 10,000 such incidents since 2011, a ProPublica analysis of VA data shows.
The breaches range from inadvertent mistakes, such as sending documents or prescriptions to the wrong people, to employees’ intentional snooping and theft of data. Not all concern medical treatment; some involve data on benefits and compensation.
Many VA facilities and regional networks are chronic offenders, logging dozens of violations year after year[…]
Permission to republish granted by ProPublica.