Louis Stokes Cleveland VA Medical Center

Issue: Veteran A stated that the Clinical Psychologist disclosed medical information to Child Protective Service without proper authority.

Outcome: 06/29/15: The Incident Resolution Service Team has determined that Veteran A will be sent a HIPAA notification letter due to Protected Health Information (PHI) being disclosed.…

Issue: A VA Social Worker (SW) self-reported that she accidentally gave a CPRS cover sheet to another Veteran. She handed the Veteran a stack of information, the Veteran left and she realized she was missing another document (CPRS) on another Veteran.…

Outcome: 06/05/15: The Incident Resolution Service Team has determined that the Veteran will be sent a letter offering credit protection services.…

Issue: Veteran A received the health insurance information of Veteran B. Veteran A returned the documents to the Medical Center.

Outcome: 05/20/15: The Incident Resolution Service Team has determined that Veteran B will be sent a letter offering credit protection services.…

Issue: Patient A received an appointment letter for Patient B. Patient A mailed the original back to the VA.

Outcome: 05/14/15: The Incident Resolution Service Team has determined that Veteran B will be sent a HIPAA notification letter due to Protected Health Information (PHI) being disclosed.…

Issue: A Nurse who was temporarily reassigned returned to her desk at VA and the lock from her desk was removed. She states her Family and Medical Leave Act of 1993 (FMLA) forms, appraisals and other documents were exposed but won't…

Outcome: 05/06/15: The Incident Resolution Service Team has determined that there was a privacy violation. No data breach has occurred.…

Issue: A patient received a Non VA Care claim on another patient. The claim is for Dayton VAMC but the patient that received it is a Cleveland patient. Cleveland does have the capability to print Dayton claims for Non-VA Care since…

Outcome: 04/20/15: The Incident Resolution Service Team has determined that Veteran A will be sent a letter offering credit protection services.…

Issue: A VA employee faxed a medication list of another patient to Trumbull Memorial Hospital.

Outcome: 04/06/15: The Incident Resolution Service Team has determined that there was a privacy violation. No data breach has occurred, as the facility who received the fax was a HIPAA covered entity, and they mailed the medication list to the VA…

Issue: An Institutional Review Board (IRB) discovered a Primary Investigator (PI) extracted data on more patients than approved by the IRB. The PI had a HIPAA Waiver to collect a specific amount of data, but pulled data that exceeded the approved…

Outcome: 03/19/15: The Incident Resolution Service Team has determined that this is a privacy violation, but not a data breach, as the information never left VA control.…

Issue: Patient believes a Lorain employee inappropriately accessed his record.

Outcome: 03/04/15: PO update -- Pull report and called patient. Awaiting call back. The report does not reflect the suspected person as accessing the record. 03/05/15: PO update -- Spoke to the spouse (caregiver) today. She relayed the name of the…

Issue: A Nurse stated that she had left her log book in her office when she left the office for a short time. When she returned, her log book was missing. The log book contained her user name and password for…

Outcome: 02/23/15: The Incident Resolution Service Team has determined that thirty-nine (39) Veterans will be sent a notification letter.…