Northwest Network (VISN 20)

Issue: On 12/4/12, a dermatologist mislaid a spare SD card for the dermatology camera (dermatologist believes she put it in camera case but at end of day there was no SD card in the case). On 12/21/12, a patient came to…

Outcome: All staff have been trained in the correct procedures to handle SIM cards and physical protection requirements of portable media. The patients have been notified by letter by the Privacy Officer.

Issue: Veteran A was mailed a research packet meant for Veteran B. The packet only contained the name and address of Veteran B. No PHI or other information was disclosed. Veteran A contacted the research staff to notify them of the…

Outcome: Research staff members were reminded to verify addresses and the contents of all reseacrh packets prior to mailing. The staff will follow SOP's already in place for bulk mailings. No further action needed or required regarding this incident. Staff are…

Issue: As part of an approved research protocol, the VA sends out information to participants, a type of homework, and instructions on how to get ready for their upcoming appointment. The research department just discovered that one subject was sent the…

Outcome: Staff were reminded to double-check all mailings prior to sending. An mailing SOP was suggested by the Privacy Officer.

Issue: The driver of a Disabled American Veterans transportation shuttle operated out of the Portland VA Medical Center drove off after a pick-up stop at 1PM today with the clip board containing his Veteran transport list on top of the vehicle.…

Outcome: The documents were recovered by the shuttle driver.

Issue: Veteran A requested copies of his medical records via Release of Information (ROI). Upon receipt of his records in mail Veteran A discovered copies of Veteran B's medical records mixed in with his own. Veteran A returned Veteran B's medical…

Outcome: All mismailed documents have been retrieved and destroyed by VA. Credit Monitoring letter has been signed by Director and mailed to Veteran. Employee has been counseled by immediate supervisor and checks put in place to prevent another like incident.…

Issue: The Chief of Health Information Management Service (HIMS) asked one of his employees to look up the appointment schedule for one of his friends. The friend's brother was in the Chief of HIMS office and wanted to know when his…

Outcome: Employee was required to retake privacy trainings and was counseled regarding federal laws pertaining to accessing medical records. Employee was also reminded that the HIPAA Privacy Rule is very clear about how information can be shared and under what circumstances.…

Issue: On November 27, 2012, our office was notified of a returned payment voucher and explanation of check that was intended for one civilian contracted provider and received by another. Health Net is researching the cause of the error and taking…

Outcome: Working with Health Net so this does not happen again.

Issue: An employee has accessed a Veteran's medical record over 200 times from February 2011 to November 21, 2012, without a need to know or for treatment, payment or health care operations under the HIPAA Privacy Rule. The Veteran has a…

Outcome: Employee is under investigation by HR, Service Line and VA Police. Termination is highly probable at this point. Privacy Office investigation is complete.

Issue: Records of Veteran B were mailed to Veteran A along with Veteran A's records. Update: 11/27/12:Veteran B will be sent a letter offering credit protection services.…

Outcome: Sent out credit monitoring letter. Informed employee and their Supervisor of the incident. Reviewed training and processes.…

Issue: Veteran A received a copy of Veteran B's lab results. The lab results contained the name, date of birth and full SSN. Update: 11/23/12:Veteran B will be sent a letter offering credit protection services, due to full name and full…

Outcome: Worked with provider on established process for clerk to double check all outgoing mail