Northwest Network (VISN 20)

Issue: VA Employee A received an email that was supposed to contain blank forms. She discovered an additional form that had Employee B's Personal Identifiable Information filled in. Update: 10/16/12:Employee B will be sent an offer for credit protection services.12/11/12:The e-mail…

Outcome: The error was discovered quickly and the unencrypted emails were deleted with their attachments and the incident was reported to our facility Information Security Officer. The information was also removed from the form stored on the network drive.

Issue: A VA social worker accidentally copied the information of Veteran A into the record of Veteran B. The social worker copied the contents of the HUD-VASH Entry Form into the wrong Veteran's record. The name, SSN, and DOB and responses…

Outcome: Social worker has been counseled regarding copying and pasting previously recorded information into a medical record. CPRS staff has removed the erroneous entry from the chart. No further remediation needed warranted.

Issue: A Veteran who was admitted to the facility but requested to be Opted-Out of the facility patient directory had his inpatient status disclosed to his estranged wife by a VA employee. The employee did not check the current Veterans electronic…

Outcome: Our facility Privacy Officer has spoken with the employee and supervisor and they will consult the electronic record regarding inquiries about our inpatients so there is no confusion over their status in our directory.

Issue: VA Employee reported that four printouts from the BCMA carts containing full Patient information plus the medications they are taking. The Printouts were facing down on the med cart. The printouts were taken off the med cart by a patient.…

Outcome: The supervisors of our inpatient Wards have been asked to speak to all of their employees about the importance of safeguarding the records that are printed to assist them with providing care.

Issue: Veteran A contacted local VA Police over the weekend to report that he had received a package for Veteran B at the home he recently moved into in the last few weeks. Veteran B left no forwarding address. Veteran A…

Outcome: The Veteran who received the package said he would return it to his closest VA clinic for disposal. The package was sent to the address that was correct in the system. Replacement supplies have already been sent to the Veteran's…

Issue: A Human Resource (HR) employee discovered five pieces of paper in a shrub near one of the buildings at the VA Puget Sound American Lake Hospital. It was an "Inpatient Religious Affiliations Listing by Ward," which is typically used by…

Outcome: The chaplain was made aware of the Privacy and Information Security policies by retaking their Privacy and Information Security awareness trainings as well as the HIPAA training. The Director of the Chaplain Service was reminded that his staff must report…

Issue: A letter with (negative) HIV results written to Veteran A from his provider was sent in error to Veteran B who has the same provider. Veteran B's spouse called to inform Alternate Privacy Officer of this error. The Alternate Privacy…

Outcome: On October 1, 2012, PO mailed out the credit monitoring letter to the Veteran. I have also uploaded a copy of the redacted letter in this program. I have talked to the clerk that was working at the team on…

Issue: The Veteran called the Executive Offices at 8:00 AM stating that his privacy had been violated. The Executive Secretary transferred the call to the Privacy Officer (PO). The Veteran stated that a nurse on his Patient-Aligned Care Teams (PACT) broke…

Outcome: Spoke with PACT team member and educated her on checking the medical record for a POA prior to discussing any health care issues with anyone other than the Veteran.

Issue: A traumatic event occurred involving an employee who is also a Veteran. The knowledge of this event was spreading to other employees per workplace chatter in the hospital, at which time we began to monitor the access to this Veteran's…

Outcome: To prevent such incidents from happening again the Privacy Office has written a report of each employee's breach. The reports will go to the employee's supervisors and the Human Resource Department for further action. The Privacy Officer also provided education…

Issue: An appointment list was lost at a Clinical Base Outpatient Clinic (CBOC). The employee was unable to determine what happened to the list i.e. misplaced, shredded or stolen. Update: 09/14/12:A Veteran call the CBOC and said that they had found…

Outcome: Incorporated the use of a clip board in the clinic so lists will be easier to notice. Sent out notification letters.…