Desert Pacific Healthcare Network (VISN 22)

Issue: A nurse accessed, printed, and disclosed three patients medical records to several internal staff and the Union (AFGE) accompanying a report of contact. Update: 03/21/13:The three patients will receive letters offering credit protection services.06/05/13:This was determined to be HITECH reportable…

Outcome: Veteran has been sent a credit monitoring letter and the employee has retaken the HIPAA Privacy & Security Training and submitted a training certificate dated

Issue: A VA Employee was arrested by non-VA Police who located patient names and medications in paper format but did not conform they were from VA. The papers are impounded in the employee's car. Update: 03/18/13: The event has been reported…

Outcome: The credit monitoring letters have been sent to the Veterans. The employee has been notified not to remove any information from the facility. A police report was filed. The Chief of Pharmacy will take further action.

Issue: Veteran A requested a blank 10-10EZR Health Benefits Renewal Form. Intermingled with the blank forms was the first page of Veteran B's 10-10EZR form, which included Veteran B's name, address, and full SSN, Update: 03/14/13:Veteran B will be sent a…

Outcome: Unable to determine which employee gave out the wrong 10-10EZR to the Veteran as the Veteran was vague/confused on which department he was at when he received the paperwork. Any employee within the clinic could have provided blank 10-10EZR. It…

Issue: Veteran A reported he received medical records belonging to Veteran B. The Veteran agreed to return the records to the medical center February 19, 2013. Veteran A and Veteran B have the same name but different middle initial. Release of…

Outcome: Veteran B brought his military medical records to the Release of Information (ROI) clerk for copying and inclusion into his VA record. When Veteran B failed to return to pick up the records after his doctor appointment, she mailed the…

Issue: A Social Worker accidently mailed a Veteran's Social Security Card and Identification card to the incorrect Veteran. The information was returned. Update: 02/13/13:Veteran A will be sent a letter offering credit protection services.…

Outcome: The Veterans information has been returned. A credit monitoring letter was mailed to the Veteran on February 27, 2013. The staff member and I (her supervisor) have been and discussed the importance of reviewing all items prior to mailing. Additionally,…

Issue: Two employees reported that they never received their W-2 from their supervisor. The supervisor stated that she doubled wrapped them, addressed them to each employee in separate envelopes, and sent them by internal mail on 01/31/13. The supervisor notified the…

Outcome: No policy that forbids supervisor to send W-2 via internal mail. Supervisor to continue to work with mailroom supervisor to ensure mail is getting to the off-site facility. Credit monitoring letter mailed 2/13/13 and uploaded.…

Issue: Veteran A had a dental appointment on 12/27/12 and was given a print out with his future appointment dates. On 2/13/13 he called to confirm appointment dates and noticed the print out had his last name; however the first and…

Outcome: Employee reminded of privacy protocols and to check to ensure they have the correct Veteran. Credit monitoring letter mailed and uploaded into PSETS on…

Issue: Veteran A found Veteran B's procedure report was intermingled in paperwork containing his procedure report. Veteran A to return Veteran B's document back to VA on 002/12/13. The personally identifiable information (PII) included full name, full SSN, DOB and procedure…

Outcome: Unable to identify the specific employee who caused the breach, however all staff within department were reminded of privacy protocols. Redacted credit monitoring letter mailed on 2/12/13 and uploaded in PSETS.…

Issue: Veteran A received Veteran B's authorization letter. The letter included name, last four digits of the SSN and type of authorization. Update: 02/05/13:Veteran B will be sent a notification letter.…

Outcome: Privacy Officer counseled employee on proper privacy protocols when mailing documents. Notification letter mailed on February 5, 2013 and uploaded.…

Issue: On several occasions dating back to August 24, a VA employee inappropriately accessed a Veteran (ex-girlfriend) medical records to acquire the current phone number and address. The employee admitted to accessing the record in order to have ex-girlfriend mail routed…

Outcome: We are currently working on the administrative action for this employee.