Personally Identifiable Information (PII) and Protected Health Information (PHI)

What is Personally Identifiable Information and Protected Health Information?

Personally identifiable information is any information about an individual that can be used to distinguish or trace an individual’s identity, alone, or when combined with other information which is linked or linkable to a specific individual. Protected Health Information is individually identifiable health information held by a covered entity or by a business associate acting on its behalf, excluding certain educational and employment records covered by the Family Educational Rights and Privacy Act.

Examples of Personally Identifiable Information and Protected Health Information include:

  • Name
  • Social Security number
  • Date and place of birth
  • Mother’s maiden name
  • Telephone number
  • Driver’s license number
  • Credit card number
  • Photograph
  • Fingerprints
  • Biometric records
  • Education
  • Financial transactions
  • Medical history
  • Criminal or employment history
  • Medical test results
  • Appointment schedules

What are the Risks if Personally Identifiable Information is Misused?

The individual whose PII was misused may experience some degree of adverse effects. Depending on the type of information involved, an individual may suffer social, economic, or physical harm resulting in potential loss of life, loss of livelihood, or inappropriate physical detention. Information lost may be exploited by an identity thief, and the individual may suffer from a loss of money, damage to credit, a compromise of medical records, threats, and/or harassment. The individual may also suffer tremendous losses of time and money to address the damage, as well as embarrassment, improper denial of government benefits, blackmail, and discrimination.

Likewise, organizations may experience harm as a result of a loss of PII maintained by the organization. Harm may include administrative burden, remediation costs, financial losses, loss of public reputation and public trust, and legal liability.

How will I Know if an Incident has Possibly Occurred That Resulted in a Significant Compromise of my Personally Identifiable Information?

If VA suspects your Personally Identifiable Information has been significantly compromised, you will be notified in writing. The notification will describe the specific data involved, the facts and circumstances surrounding the incident, the protective actions VA is taking or you can take to mitigate potential future harm, as well as a point of contact for more information.

What do I do if I Receive a Letter from VA That My Personally Identifiable Information Has Been or May Have Been Compromised?

If you receive a notification from VA that there has been an actual or suspected compromise of your personal information, directly contact the office sending the letter. Note that you should never give out your personal information, such as a Social Security number or financial account number, over the phone unless you are certain that you are speaking with an official VA representative. If you have any concerns over the authenticity of such a notice, contact the specific privacy office to verify.