Gulf Coast Veterans Health Care System

Issue: Veteran A requested copies of record through the Release of Information (ROI) process and received Veteran B's information in the envelope with Veteran A's information. Veteran A's spouse is an employee and brought the envelope to work to show the…

Outcome: 06/03/15: The Incident Resolution Service Team has determined that Veteran B will be sent a HIPAA notification letter due to Protected Health Information (PHI) being disclosed.…

Issue: The two page Quality Management (QM) Protected Peer Review was shared with 14 providers for staff education only. The document contained one patient's protected health information (PHI) and identified three recommended actions 1. most practitioners would have managed case differently;…

Outcome: 05/27/15: The Incident Resolution Service Team has determined that there was a policy violation. No data breach has occurred.…

Issue: The spouse (former VA employee) of Veteran A was reviewing Veteran A's medical information on a CD that was obtained from the Release of Information (ROI) office on 02/23/15. The spouse realized the information was not Veteran A's (it was…

Outcome: 03/05/15: The Incident Resolution Service Team has determined that Veteran B will be sent a HIPAA notification letter due to Protected Health Information (PHI) being disclosed.…

Issue: Veteran A was discharged from hospital on 10/16/14 with medications to include one prescription belonging to Veteran B. Veteran A contacted the facility by telephone on 1017/14 reporting the error.…

Outcome: 10/17/14: The Incident Resolution Service Team has determined that Veteran B will be sent a HIPAA notification letter due to Protected Health Information (PHI) being disclosed.…

Issue: Veteran A was notified by the spouse of deceased Veteran B they had received VA paperwork belonging to him. The spouse of Veteran B was going through the VA mail when they discovered the paperwork belonging to Veteran A. The…

Outcome: 09/10/14: The Incident Resolution Service Team has determined that Veteran A will be sent a letter offering credit protection services.…

Issue: Veteran A contacted this Privacy Officer (PO) to report their protected health information (PHI) was displayed on an overhead projector during an educational training class for Veterans. Upon discussion of the incident, it was determined the Veteran's demographic information, through…

Outcome: 08/27/14: The Incident Resolution Service Team determined that the Veteran will receive a HIPAA letter of notification, since the PHI was visible as evidenced by the fact that one of the other Veterans informed Veteran A.…

Issue: On 6-23-2014, the facility AOD notified the Business Manager, Privacy Officer, and Information Security Officer of a privacy incident involving the inappropriate release of patient effects to the wrong Veteran. The Privacy Officer advised the AOD to contact the NSOC…

Outcome: 06/25/14: The Incident Resolution Service Team has determined that the Veteran B's Next of Kin will be sent a notification letter.…

Issue: An employee accessed CPRS record of a volunteer with same last name. That employee is the step-mother of the volunteer and wanted to know when volunteer last had her lab work done. The volunteer is mentally handicapped.…

Outcome: 04/22/14: The Incident Resolution Team has determined that there was a policy violation. While there was an unauthorized access/disclosure of data, it has been determined that the incident has a low probability of a risk of compromise.…

Issue: Employee A accessed the CPRS record (patient prescription option) of Employee B. Although the event was discovered on 02/13/14, the fact that it was an inappropriate access was not determined until approximately 02/24/14. Employee A received a verbal counseling regarding…

Outcome: 02/27/14: The Incident Resolution team (IRT) determined that Employee B will receive a HIPAA letter of notification.…

Issue: A VA Employee inappropriately accessed the CPRS record of a former co-worker.

Outcome: 02/27/14: The Incident Resolution Team (IRT) determined that the former co-worker will receive a HIPAA letter of notification.…