Desert Pacific Healthcare Network (VISN 22)

Issue: An employee/Patient/Veteran received their medical records on CD with 4 or 5 other Veterans' medical records. Update: 05/03/12:The CD has been returned to the VA and contained five additonal Veterans information. The Veteran who the CD actually belonged to had…

Outcome: The Privacy Officer has since trained the ROI staff during a staff meeting. The staff were made aware of their mistakes. The HIMS Chief and the department supervisor was made aware of the recent mistake. Credit monitoring letters have been…

Issue: The Release of Information staff mailed the medical records of a Veteran to an incorrect address by mistake in response to a Congressional inquiry. The authorization was difficult to read and the address was not confirmed by the staff. Update:…

Outcome: The Release of Information Supervisor and the HIMC Chief was notified of this incident. PO included HR, labor Relations via email with the supervisor and HIMC Chief on the email. The credit monitoring letters have been mailed to the affected…

Issue: A Release of Information (ROI) employee released the medical records of a patient/Veteran without an authorization to an attorney representing the wife of the Veteran and used in a court case. Update: 05/02/12:The Veteran will be sent a letter offering…

Outcome: The employee has not been notified of his mistake. He is on military leave. I have contacted the Chief of Labor Relations about this and so has the Veteran employee that received the data since he works for HR Labor…

Issue: A Human Resource (HR) employee had a courtesy physical exam done on a civilian for the military agency where the person was applying for a job The physical exam was sent by the VA employee to DOD even after the…

Outcome: The physical exam was returned to our HR Staffing Dept. from Fort Lee. We are mailing the file to the complainant. The credit monitoring letter is being mailed tomorrow.

Issue: Veteran A received Veteran B authorization and vice versa - while mailing the employee switched the envelopes. PII included name, last 4 SSN, address, diagnosis and what the authorization was for. Update: 03/20/12:Veteran A & B will be sent a…

Outcome: Employee self reported incident - Privacy Officer reminded employee of privacy protocols. Notification letters mailed and uploaded on March 20, 2012. New authorizations mailed to Veterans on March 19, 2012.…

Issue: A deceased Veteran's daughter and Power of Attorney (POA) gave a private residential care home a non-compliant authorization to use to communicate with the VA Greater LA Healthcare System (GLA) for medical issues such as prescriptions and treatments information which…

Outcome: A response letter and an accounting of disclosure will be mailed to the daughter today as she has requested. The staff at the facility has received a formal training by the release of information supervisor to ensure that this mistake…

Issue: An employee and patient received a Sensitive Patient Access Report (SPAR) from the Privacy Officer that contained another employee's name as having accessed his records that he believed should not have access to his records. He did not report this…

Outcome: Action has been taken on the employee that is listed on the SPAR Report, and on the Clinic Manager that "suggested" another person look into the Veteran Employees Record as alleged. The supervisor was not charged and no evidence was…

Issue: Veteran A reported to the Director's Office that he received Veteran B's medical information on a CD with his own medical information. Update: 03/06/12:Veteran B will be sent a letter offering credit protection services.…

Outcome: The credit monitoring letter has been sent to the Veteran whose information was compromised. A response has been sent to the person who reported the incident. the information and CD has been requested to be returned to VA from the…

Issue: A VA mental health professional mistakenly gave the Suicide Prevention Plan of Veteran A to Veteran B. The Plan included Veteran A's name, date of birth, full SSN and protected health information (PHI). Update: 02/23/12:Veteran A will be sent a…

Outcome: The credit monitoring letter has been sent to the Veteran whose information has been compromised. The note was deleted from the chart of the incorrect patient. the person who entered the note and deleted the note is aware of their…

Issue: Veteran A received Veteran B's authorization and vice versa. Both Veterans called and reported the incident. They agreed to destroy the authorization form. The information disclosed included full name, birth year, last 4 of SSN, address, diagnosis, and what the…

Outcome: Employee self reported incident. Privacy Officer educated employee on privacy protocols; supervisor also discussed issue with employee. Notification letters mailed on February 21, 2012 and uploaded into PSETS.…