Michael E. DeBakey VA Medical Center

Type: Violation

Issue: A Veteran/Employee received copy of Sensitive Patient Access Report (SPAR) and complained that three employees impermissibly accessed her CPRS record.

Outcome: 11/06/13: The impermissible access was on 02/27/12 by a VA evening nurse supervisor who accessed the employees CPRS record to confirm she was seen in the emergency room. This access was to complete a report of contact. Supervisor may not…

Type: Violation

Issue: Telecare staff member selected the wrong email group when sending an email to notify staff a Veteran needed a Primary Care Physician assigned. Selected FAV VA instead of MEDVA MC. No full or partial SSN included.…

Outcome: 09/06/13: An internal unencrypted e-mail was sent. No data breach has occurred. 09/10/13: On further review the email was sent to a group that included patients, and it did include a patient name and full SSN.…

Type: Violation

Issue: Veteran A received a letter for referral to VES medical care; however, Veteran B's Request for Outpatient Services consult was attached. The consult contained Veteran B's name, date of birth, full SSN and diagnosis.…

Outcome: 08/22/13: Veteran B will receive a letter offering credit protection services.…

Type: Violation

Issue: Veteran A received an authorization for outpatient services form and discovered it contained Veteran B's full name, full SSN, DOB, home phone number. He returned the form to Fee Basis Department.…

Outcome: 07/19/13: Veteran B will be sent a letter offering credit protection services.…

Type: Violation

Issue: A Veteran notified the medical center that he received a letter from a pre-registration staff member requesting he complete a 1010EZR form, however, the form attached was a form that had been completed by another Veteran instead of a blank…

Outcome: e06/21/13: One Veteran will be sent a letter offering credit protection services due to the exposure of full name, SSN, and address.…