Dayton VA Medical Center

Issue: Travel pay was to be deposited into Employee A's personal bank account. The money did not arrive in the employee's account. The fiscal employee checked and found that the deposit may have been placed into Employee B's bank account with…

Outcome: 12/22/14: The Incident Resolution Service Team has determined that Veteran B will be sent a letter offering credit protection services.…

Issue: One box of medical records prepared for tort claim processing cannot be located. Records pertain to one deceased individual. Areas were searched since reported and box cannot be found.…

Outcome: 10/01/14: The Incident Resolution Service Team determined that the Veteran's Next of Kin will be sent a notification letter.…

Issue: An individual shredded "perhaps" 8-10 pages of documents. He noticed names & SSN on a page. He taped together 13 names. The other shredding material is not available. He does not know what the other pages contained. The pages were…

Outcome: 10/08/14: The Incident Resolution Service Team has determined that thirteen (13) Veterans will be sent letters offering credit protection services due to full SSN being disclosed.…

Issue: Veteran A returned lab results mailed to him that pertained to Veteran B. Veteran B's name, address and lab results were compromised.…

Outcome: 09/03/14: The Incident Resolution Service Team determined that Veteran B will receive a HIPAA letter of notification.…

Issue: An employee mailed a NVCC Authorization letter to the wrong Veteran. The Information at risk includes the name, address and diagnosis.…

Outcome: 08/26/14: The Incident Resolution Service Team has determined that one Veteran will be sent a HIPAA notification letter due to Protected Health Information (PHI) being disclosed.…

Issue: An employee sent a Durable Power of Attorney for Health Care to the wrong patient. When patient A's POA was sent to him, it included the POA for patient B. Patient A's spouse agreed to mail the paperwork for Patient…

Outcome: 10/15/14: The Incident Resolution Service Team has determined that while there was an unauthorized access and/or disclosure of information, the Personally Identifiable Information (PII) involved, does not meet the criteria to require credit protection services or HIPAA notification.…

Issue: Veteran A and the spouse received 81 pages of Veteran B's medical record through the Release of Information (ROI) Section. It appears that the information was mailed out on 8/1/14, and received on 8/5/14. The Veteran and the spouse contacted…

Outcome: 08/06/14: The Incident Resolution Service Team determined that Veteran B will receive a letter offering credit protection services.…

Issue: On 06/15/14,the Privacy Officer (PO) was notified by the Compensation and Pension (C&P) Supervisor that he was contacted by Veteran A stating that he was mailed test results regarding Veteran B. The individual stated that he mailed the information back…

Outcome: 07/16/14: The Incident Resolution Service Team determined that Veteran B will receive a HIPAA letter of notification.…

Issue: A call received from the Chief, Community & Public Affairs at 12:11 PM notifying the Privacy Officer (PO) that Veteran A received mail from the Dayton VA Medical Center. The mail contained two forms relating to the appointment times of…

Outcome: 06/02/14: The PO completed his initial fact finding of the reported incident. It appears that he has been able to isolate this privacy incident to the employee. He reached out to the employee's supervisor on Saturday 05/21/14 to set up…

Issue: On 05/27/14, the Privacy Officer (PO) was contacted by the Chief, Community & Public Affairs regarding a privacy incident. The chief informed the PO that a local news affiliate had recently contacted the Dayton VA Medical Center to report a…

Outcome: 05/28/14: The PO met with the Veteran who received the mis-mailing of both Protected Health Information, and Sensitive Information this morning. He reported that he received this information in the mail on 05/21/14 along with his lab results. The PO…