Phoenix VA Health Care System

Issue: Today, 06/24/15, the Privacy Officer (PO) received a report of an unauthorized disclosure of personally identifiable information/protected health information (PII/PHI) to known multiple parties, including the next of Kin, AZ State Nursing Home, and EMS. Veteran A presented from the…

Outcome: 06/25/15: The Incident Resolution Service Team has determined that there was a policy violation. While there was an unauthorized access/disclosure of data, it has been determined that the incident has a low probability of a risk of compromise.…

Issue: Today, 06/23/15, the Privacy Officer (PO) received a document via inner office mail from a supervisor reporting a privacy incident. Veteran As document, This is your next step of care was recovered from Veteran B. By report, Veteran B was…

Outcome: 06/24/15: The Incident Resolution Service Team has determined that there was a policy violation. While there was an unauthorized access/disclosure of data, it has been determined that the incident has a low probability of a risk of compromise.…

Issue: On, 6/11/2015, Veteran reports a privacy complaint to PO. Veteran had previously contacted both Patient Advocate and PO who had returned messages, making contact today. Veteran describes that her address had been erroneously changed, resulting in misdirected mail to another…

Outcome: Based on the Veteran's documentation provided showing that we sent a letter to this erroneous address and the supervisor's investigation confirming that we changed an accurate address to this address, ticket was changed to an Incident. 06/23/15: The Incident Resolution…

Issue: On 04/22/15 and 04/29/15, a research study staff member consented two patients to the study using a rescinded HIPAA authorization, and made disclosures for each of the two to a financial services company (Greenphire, LLC, King of Prussia, PA) assisting…

Outcome: 06/04/15: The Incident Resolution Service Team has determined that two Veterans will be sent a letter offering credit protection services.…

Issue: On 05/06/14, a Veteran patient was consented to a VA research study with an invalid HIPAA authorization (signature not dated). On 05/27/15 during a routine internal Quality Assurance audit, the study staff noticed the signature page of the HIPAA authorization…

Outcome: 05/28/15: The Incident Resolution Service Team has determined that there was a policy violation. While there was an unauthorized access/disclosure of data, it has been determined that the incident has a low probability of a risk of compromise.…

Issue: Today, 05/19/15, an employee reported to the Privacy Officer (PO) that her employee health information was shared by her supervisor without her permission. The employee relates 4-5 instances where the supervisor sent emails regarding specific medical leave status and condition…

Outcome: 07/08/15: The Incident Resolution Service Team has determined that the employee will be sent a HIPAA notification letter due to Protected Health Information (PHI) being disclosed without authorization or a need to know.…

Issue: Today, 05/15/15, a family reported to staff who reported to the Privacy Officer (PO) that the Veteran's confidentiality was not protected by the Opt-Out process. The Veteran is currently an inpatient who chose Opt-Out. At some time during his stay,…

Outcome: 06/04/15: The Incident Resolution Service Team has determined that Veteran A will be sent a notification letter.…

Issue: Yesterday, 05/07/15, a privacy complaint was made to the Privacy Officer (PO) by an Employee/Veteran of inappropriate chart access by two (2) staff. A Sensitive Patient Access Report (SPAR) was the basis of the complaint. The complainant could not identify…

Outcome: 06/02/15: The Incident Resolution Service Team has determined that the employee/Veteran will be sent a HIPAA notification letter due to Protected Health Information (PHI) being inappropriately accessed.…

Issue: Today, 05/06/15, the Privacy Officer (PO) was provided with a privacy incident report per Veteran report on 4/17/15. The Veteran originally reported the privacy incident to Pharmacy when he sought 2 requested medications. Review determined that the Consolidated Mail Outpatient…

Outcome: 05/06/15: The Incident Resolution Service Team has determined that the Veteran will be sent a HIPAA notification letter due to Protected Health Information (PHI) being disclosed.…

Issue: On 04/30/15, the Privacy Officer (PO) received a report of records provided to Veteran B, by mail, intended for Veteran A. The records were mailed on 03/26/15. Veteran B returned over 100 pages of medical records to the facility today.…

Outcome: 05/01/15: The Incident Resolution Service Team has determined that Veteran A will be sent a letter offering credit protection services.…