Asheville VA Medical Center

Issue: Our Information Security Officer (ISO) was walking through the parking lot and found a pink sheet of paper with the last name, first name, and last 4 digits of the SSN of a Veteran. It is unknown if the Veteran…

Outcome: 05/27/15: The Incident Resolution Service Team has determined that the incident has a low probability of a risk of compromise due to the location of the item found and the fact that it was found by VA employee.…

Issue: A Release of Information (ROI) employee's supervisor gave CPRS documents to an employee to question his/her inactivity. The ROI employee gave the documents containing names and SSNs to his Union representative. The representative contacted the Privacy Officer (PO) and the…

Outcome: 05/13/15: PO update -- pending meeting with ROI supervisor. 05/15/15: PO updated -- Scheduled to meet with AFGE representative next week. 05/18/15: The Incident Resolution Service Team has determined that there was a prrivacy violation. While there was an unauthorized…

Issue: Veteran A called and stated he got appointment information about Veteran B in the mail that included Veteran B's name and full SSN.

Outcome: 04/01/15: The Incident Resolution Service Team has determined that Veteran B will be sent a letter offering credit protection services.…

Issue: A VHA employee handed a urine sample container to Veteran A . When Veteran A got home, he/she discovered the container had the wrong name and SSN on it.…

Outcome: 03/18/15: The Incident Resolution Service Team has determined that Veteran B will be sent a letter offering credit protection services.…

Issue: A Release of Information (ROI) employee accidently faxed some medical information to what is believed to be a residential fax number. The receiver of the medical info contacted ROI and told them what had happened. The ROI employee asked the…

Outcome: 03/06/15: The Incident Resolution Service Team has determined that the Veteran whose full SSN and other information was disclosed will be sent a letter offering credit protection services.…

Issue: VHA employee accidently picked up protected health information (PHI) from her desk and included it in a package mailed under tele-health program (PHI-Consult) to the wrong patient. The recipient is a Veteran and states she will secure the PHI and…

Outcome: 02/09/15: The Incident Resolution Service Team has determined that Veteran B will be sent a HIPAA notification letter due to Protected Health Information (PHI) being disclosed.…

Issue: A male VA employee was allegedly dating or wanted to date a female patient. He allegedly accessed the patient's records (outside his normal duty hours) which leads his supervisor to believe he had no need to know since he was…

Outcome: 01/14/15: The Incident Resolution Service Team has determined that one Patient will be sent a HIPAA notification letter due to Protected Health Information (PHI) being accessed inappropriately.…

Issue: Veteran A hand carried an appointment list for Veteran B into the facility that he had received in the mail.

Outcome: 09/08/14: The Incident Resolution Service Team has determined that Veteran B will be sent a letter offering credit protection services.…

Issue: Veteran A received at his residence a fee basis consult for Veteran B in the mail. The Veteran's housekeeper has destroyed the document. Veteran B's name, partial SSN and consult information were compromised.…

Outcome: 09/04/14: The Incident Resolution Service Team determined that Veteran B will receive a HIPAA letter of notification.…

Issue: VA Employee found (3) Consultation sheets on the sidewalk between two buildings on VA property.

Outcome: 08/25/14: The Incident Resolution Service Team has determined that three Veterans will be sent letters offering credit protection services.…