Northwest Network (VISN 20)

Issue: A completed form 10-5345 was found on floor in front of radiology department. Update: 03/22/12:Since it has cannot be determined where the document came from Veteran A will receive a letter offering credit protection services.…

Outcome: NOTIFIED STAFF. SENT OUT CREDIT MONITORING LETTER. REVIEWED PROCESSES AND TRAINING.…

Issue: While reviewing a VA Research Study the Portland VA Medical Center's Privacy Officer discovered that the personaly identifiable information of five Veterans enrolled in the study has been stored electronically on a University server without authorization. The Informed Consent and…

Outcome: The Research Principal Investigator over the study is in the process of making the necessary changes to store the study information at the University with the required authorizations.

Issue: Veteran A contacted the VA Health Resource Center (HRC) to complain he had received a statement in the mail from the Portland VA Medical Center addressed to him, but the credit card payment stub mailed with it belonged to Veteran…

Outcome: Our Fiscal department has been made aware that this mistake occurred and they have already changed their process for mailing back declined payment stubs to add increased protection.

Issue: Veteran reported that her daughter had spoken with the Veteran's Primary Care Physician (PCP). Veteran reported that the PCP discussed her care with the daughter without her consent to do so. Update: 03/16/12:The Veteran reported that this exchange was in…

Outcome: Spoke with provider. Provider is aware of this and states that she did not speak with family members about the Veteran's care.…

Issue: On 3/8/12 at noon approximately, an employee discovered a book at the USA Paper Dispensing Machine located near the Coffee Cart in the basement of Building 1. The book contains the following VA sensitive information:1.Durable Power of Attorney (2 Veterans),…

Outcome: PO provided education, training, sent out letters, and retrieval.

Issue: A Radiology Resident reported that he is unable to locate a personally owned USB storage drive on which he has maintained a spreadsheet of the procedures he has participated in. He reports it has not been seen since late December…

Outcome: The residents at the facility have been reminded that they are not to leave the facility with any VA patient data. The resident had his VA network and medical record access accounts disabled until he had repeated the required VA…

Issue: A former employee requested "a list of all persons who accessed her computer medical records from 01/01/95 to 02/03/12." The Privacy Officer (PO) reviewed the Sensitive Patient Access Report (SPAR) and identified her ex-husband who is a current employee had…

Outcome: On February 22 the employees supervisor was notified of the unauthorized electronic access. On March 1 the supervisor counseled the employee on the inappropriateness of his behavior and notified him of the intent to pursue disciplinary action. An appointment has…

Issue: The Privacy Officer (PO) received an email message from the VA Health Resource Center (HRC) that they were contacted by Veteran A who received a mailed VA bill for Veteran B with a similar name. The information contained in the…

Outcome: MCCR Revenue Coordinator/Supervisor will educate staff regarding the importance of verifying the address for a Veteran before any returned mail is sent to a new address.

Issue: A Veteran presented the Privacy Officer (PO) with 5 pages of documents that had been mistakenly placed in an envelope mailed to him with blank copies of a nutrition journal sent to him by a VA employee. The 5 pages…

Outcome: The employee who mailed the documents has been counseled to review the contents of all letters being mailed out before the envelopes are sent out.

Issue: A Primary Care Clinic employee mis-mailed the lab results and a brief narrative (5 pages) concerning Patient A to Patient B. Patient B returned the information to the Primary Care Clinic, whose staff then forwarded the document to the Privacy…

Outcome: The document that was erroneously mismailed was retrieved. The Primary Clinic staff will have an in-service to address policies and procedures for mailing sensitive patient information and processes for quality assurance to decrease the possibility of a mis-mailing.