Alexandria VA Health Care System

Issue: Supervisor reported that Employee A was observed by another employee entering the electronic medical record of Employee A's former partner. Supervisor stated he confronted Employee A, and she admitted to entering the record for other than treatment, payment or healthcare…

Outcome: 04/30/15: The Incident Resolution Service Team has determined that Veteran A will be sent a notification letter.…

Issue: A Veteran/Employee reviewed his Sensitive Patient Access Report (SPAR) and found that his former supervisor and a current coworker accessed his electronic medical record.

Outcome: Data not available.

Issue: Veteran A received Veteran B's Non-VA Care Authorization printouts that included Veteran B's full name, address, last 4 digits of the SSN, diagnoses, medical complaint, year of birth and wartime notation.

Outcome: 03/11/15: The Incident Resolution Service Team has determined that Veteran B will be sent a letter offering credit protection services.…

Issue: Around 01/30/15 Veteran A, a Home Base Primary Care (HBPC) Patient, received the following medication belonging to Veteran B: Combivent, Symbicort, and Diltiazem. Along with the medication, Veteran A also received inserts, and possibly a Prescription Profile belonging to Veteran…

Outcome: 03/02/15: The Incident Resolution Service Team has determined that Veteran B will be sent a HIPAA notification letter due to Protected Health Information (PHI) being disclosed.…

Issue: Employee reported that beneficiary documents submitted to HR have been misplaced by HR. Reported that documents contained sensitive information, including full SS and addresses of employee and 3 beneficiaries.…

Outcome: 01/23/15: The Incident Resolution Service Team has determined that three Veterans will be sent letters offering credit protection services. 01/23/15: involved the employee and 3 beneficiaries…

Issue: A VA Medical Support Assistant (MSA) gave a printout of Veteran As lab work to Veteran B, and asked Veteran B to hand it to the provider on her way back.

Outcome: 12/29/14: The Incident Resolution Service Team has determined that there was a policy violation. While there was an unauthorized access/disclosure of data, it has been determined that the incident has a low probability of a risk of compromise.…

Issue: A direct care worker posted the full name of Veteran A, who was her patient, and the date he passed away on FaceBook.

Outcome: 12/23/14: The Incident Resolution Service Team has determined that the Veteran's Next of Kin will be sent a notification letter.…

Issue: A one page letter from a mental health provider excusing an Employee/Veteran from work was found in an abandoned desk in the furniture disposal grounds area of the facility. The desk and document were unsecured.…

Outcome: 12/22/14: The Incident Resolution Service Team has determined that the Employee/Veteran will be sent a HIPAA notification letter due to Protected Health Information (PHI) being exposed.…

Issue: It was anonymously reported to the Privacy Officer (PO) that two employees (Employees B & C) were observed entering Employee A's medical record during the time Employee A was an inpatient. Employee B & C work with Employee A and…

Outcome: 11/05/14: The Incident Resolution Service Team has determined that Veteran A will be sent a notification letter.…

Issue: Veteran/Employee A reviewed her Sensitive Patient Access Report (SPAR) and realized several coworkers entered her electronic medical record during a period of time that she was deployed.

Outcome: 10/23/14: The Incident Resolution Service Team has determined that Veteran A will be sent a HIPAA notification letter due to Protected Health Information (PHI) being accessed inappropriately.…