Northwest Network (VISN 20)

Issue: An employee applied for a job in credentialing. An individual who was working in credentialing, along with several other individuals on an email thread, were sent the information on the successful candidate. The individual included a copy of the application…

Outcome: Human Resourses changed its process and will no longer send out the application of the successful candidate via email.

Issue: A proximity card and a log book containing personally identifiable information (PII) and protected health information (PHI) were stolen from a VA Puget Sound Health Care System (VAPSHCS) doctor's vehicle while he was off VA property. There was approximately 50…

Outcome: VAPSHCS Privacy Office and Information Security Office have addressed the incident through the appropriate reporting mechanism. The VA Police are actively investigating. The Service Line Leadership is discussing implementation of procedural changes and training designed to reinforce privacy concerns associated…

Issue: Veteran A's information was disclosed to Veteran B. Update: 10/13/11:Veteran B willl be sent a letter offering credit protection services.…

Outcome: Education, and retrieval.

Issue: A patient list containing full patient names, partial SSNs, and medical information was discovered near the outpatient pharmacy on a table by an employee. Update: 10/13/11:Five patients will be sent a letter of notification.…

Outcome: Informed Surgery Service of possible breach by one of their staff members and reiterated that staff must dispose of any paper patients lists at the end of each shift by placing these lists in one of Iron Mountain secure totes,…

Issue: A Campus Police Officer at the affiliate University that is physically attached to the VA Medical Center found 5 folded pages containing information about current VA surgery patients. The papers were on the ground in the hallway outside a busy…

Outcome: The facility Chief Health Information Officer and Privacy Officer will be meeting with the Chief of Operative Care to discuss what options exist to allow residents to track the status of the patients without leaving the facility with the information…

Issue: Inappropriate inclusion of full SSN and DOB was added to a Veteran's mailing address line on a letter. Through the clear windowed envelope the following was exposed: Veteran's full name, home address, full SSN and full DoB. The letter did…

Outcome: The author along with their co-worker are conducting an immediate review their mail out process and letter templates to be sure that only minimal necessary information and identifiers are included in all future letters/correspondence. They are immediately halting the use…

Issue: Veteran A received medical documents in the mail. He also received medical documents on Veteran B. Veteran A returned the documents to the VA Medical Records Room. The documents included Veteran B's name, date of birth and protected health information…

Outcome: PO worked with supervisor and ADPAC to set an SOP for notifying release of information regarding this type of error in uploading. The ADPAC notified the provider for a patient safety concern, but did not notify release of information. The…

Issue: The Community Based Outpatient Clinic (CBOC) Nurse Manager was tidying the waiting room and found a printed list of patients that were enrolled in the home oxygen program. The Manager had gone through the waiting room at 7:00 AM and…

Outcome: Privacy Officer recommended counseling letters be sent to the staff involved outlining their responsibilities for protecting Veteran information.

Issue: The VA Health Resource Center (HRC) emailed this facility Privacy Officer to report that a Veteran had called the Health Resource Center (HRC) to report that he received paperwork through the mail for 4 other Veterans. The 4 documents were…

Outcome: The office which sent the documents to the wrong Veteran is changing their internal process so the error is less likely to occur again.

Issue: The Sensitive Patient Access log showed Employee A's (who is also a Veteran) supervisor had accessed CPRS. When justification for access was requested, supervisor said it was to get the Employee A's address and phone number as they were a…

Outcome: Supervisor was counseled this was inappropriate access and advised to contact HR in the future. Documentation provided for OCR complaint, apology letters mailed to Veteran, and documentation kept for future disciplinary action if needed.