Captain James A. Lovell Federal Health Care Center

Issue: Sensitive information was released to a covered entity without consent.

Outcome: 08/19/14: The Incident Resolution Service Team has determined that Veteran A will be sent a HIPAA notification letter due to Protected Health Information (PHI) being disclosed.…

Issue: Employee A was just looking at the enterprise Health Management Platform (eHMP) site and noticed that a contractor (Contractor A) for the eHMP project has their onboarding documents on the page and at least one of them has his full…

Outcome: 08/06/14: This is a SharePoint site and is internal to the VA. The majority of the data was entered by a VA employee, however some was entered by the contractor. The site was open to VA staff and contractors. All…

Issue: VA Employee A accessed the Employee Health Record (EHR) of a Department of Defense (DoD) Employee, without a need to know and in clear violation his signed Rules of Behavior (RoB).…

Outcome: 07/14/14: The Incident Resolution Service Team has determined that the DoD employee will be sent a HIPAA notification letter due to Protected Health Information (PHI) being reviewed without a need to know. 07/17/14: The Privacy Officer (PO) is awaiting the…

Issue: The Information Security Officer (ISO) received a complaint concerning the VETS LINK kiosks. The Privacy Officer (PO) indicated that the Patient Advocate also received the complaint. A survey was conducted of 13 of 16 locations and Sensitive Protected Information (SPI)…

Outcome: 07/10/14: When the ISO approached each of the VETS LINK Kiosks, they were placed in locations where multiple other patients could plainly see the SPI of the patient logging in with the Vet ID Card. If the patient did not…

Issue: A copy of a medical record for a DoD member was mismailed.

Outcome: 04/15/14: The copy of the medical records was sent to OPM in error. Based on the basic risk assessment in the updated breach criteria document, this is of low risk of compromise and does not require notification or credit protection…

Issue: Veteran A received appointment letters belonging to Veterans B and C in the mail. The letters contained Veterans B and C names, addresses partial SSNs and appointment information.…

Outcome: 04/02/14: The Incident Resolution team (IRT) determined that Veterans B and C will receive a HIPAA letters of notification due to their protected health information (PHI) having been compromised.…

Issue: Medical documents of three Veterans were left at the home of another Veteran by a visiting nurse.

Outcome: 03/27/14: The Incident Resolution Team has determined that Veteran A will be sent a letter offering credit protection services.…

Issue: Veteran A was mailed information belonging to Veteran B

Outcome: 01/22/14: Veteran B will be sent a HIPAA notification letter due to Protected Health Information (PHI) being disclosed.…

Issue: Medical documents of DoD recruit A were scanned into the record of DoD recruit B.

Outcome: 10/15/13: Both individuals had access to each other's medical information from CPRS. VA was at fault. Both will be offered credit protection services.…

Issue: A copy of Veteran A's consult was mailed to Veteran B

Outcome: 10/10/13: Veteran A will be sent a letter offering credit protection services due to full name, SSN and Protected Health Information being disclosed.…