Michael E. DeBakey VA Medical Center

Issue: In providing health care information for Veteran A to an Assisted Living Facility, a Social Worker mistakenly included a lab test for Veteran B. The Admission Coordinator at the Assisted Living Facility contacted the Social Worker to report that she…

Outcome: 06/19/15: The Incident Resolution Service Team has determined that Veteran B will be sent a letter offering credit protection services due to full SSN being disclosed.…

Issue: The week of 01/04-11/15 during the absence of MEDVAMC Catholic Priests a local Priest was given permission to conduct Catholic Mass and perform pastoral care visits to Catholic patients by the MEDVA MC Chaplain. However the Priest did not go…

Outcome: 05/27/15: The Incident Resolution Service Team has determined that there was a policy violation. While there was an unauthorized access/disclosure of data, it has been determined that the incident has a low probability of a risk of compromise.…

Issue: A supervisor reported that an employee may have impermissibly accessed a coworker's medical record.

Outcome: 05/27/15: This was not done with malicious intent. The employee was trying to assist, just did not follow proper procedure. This is a privacy violation but not a breach. The Veteran/Coworker was aware of this.…

Issue: A VA employee reported providing the date and time of next appointment to daughter who was not listed as Power of Attorney. No other information was provided.…

Outcome: 05/07/15: The Incident Resolution Service Team has determined that no data breach has occurred. There was Personally Identifiable Information (PII) involved, but not the required criteria for credit protection services or HIPAA notification.…

Issue: A Nurse Executive has requested an investigation into whether or not an employee inappropriately accessed another employee's medical record.

Outcome: 05/18/15: It was confirmed that the employee did access the record and did not have a work related purpose for doing so. The other employee will be sent a notification letter.…

Issue: Veteran came to the MEDVA MC on 04/29/15 to complain about services he received in the ER on 04/08/15. During the conversation he informed the Health Systems Specialist (HSS) that he returned to the ER on 04/11/15 and while there…

Outcome: Data not available.

Issue: A Community Based Outpatient Clinic (CBOC) employee self-reported that he gave an appointment list and travel voucher to the wrong Veteran. The employee has been calling Veteran to try and recover but so far, he has been unable to reach…

Outcome: Data not available.

Issue: A physician reported that during a medical visit with Veteran A he left the room for a short period of time. When he returned Veteran A confronted him about leaving a document in the room that contained Veteran B's name,…

Outcome: 03/18/15: The Incident Resolution Service Team has determined that Veteran B will be sent a letter offering credit protection services.…

Issue: A review of a sensitive access report shows a MEDVA MC employee has been accessing her spouse's medical record which if confirmed is a violation of privacy and security policies.

Outcome: 03/03/15: The access to the record has been confirmed. The IRST has determined that the employee will be sent a HIPAA notification letter.…

Issue: A VA Social Worker self-reported that he was assisting a Veteran complete a Release of Information authorization and he put the incorrect Veteran's name and last four SSN on the form instead of the Veteran he was working with. After…

Outcome: 01/12/15: The Incident Resolution Service Team has determined that there was a policy violation. While there was an unauthorized access/disclosure of data, it has been determined that the incident has a low probability of a risk of compromise.…