Phoenix VA Health Care System

Issue: Today, 09/16/14, the Privacy Officer (PO) received this report. This morning NPC informed that one of the patients she saw today, accidently took her daily appointment patient list. This list does provide Veteran personal information. She was able to contact…

Outcome: 09/18/14: The Incident Resolution Service Team has determined that seven Patients will be sent letters offering credit protection services. 10/07/14: Update: Six (6) Patients will receive letters offering credit protection services.…

Issue: On, 08/21/14, staff reports that another staff member accessed his Medical Record and/or Occupational Health record without his permission. The other staff member is in same department. He had previously requested a sensitive patient access report (SPAR) but could not…

Outcome: 09/15/14: Dialogue with Chief does not contradict the finding that this appears to be an unauthorized access. The access permissions were not set for the position despite prior functional category review and other similar duties to this date/time. No objective…

Issue: Today, 8/20/2014, CLC-1 Nurse Manager found a report entitled, End-Of-Shift, under her door as she opened her office. On the back-side of these four (4) pages, there was a handwritten note. It indicated that report was found by a Veteran…

Outcome: 08/21/14: The Incident Resolution Service Team has determined that 20 Patient will be sent a letter offering credit protection services. 09/25/14: Since the incident occurred two of the Veterans have become decesed. Next of Kin letters will be sent to…

Issue: On, 8/16/2014, a supervisor reports that Veteran B returned a copy of Veteran A's medical records. Veteran B had requested a copy of medical records on 8/15/2014. An hour later, Veteran B returned to turn in Veteran A's records. Veteran…

Outcome: 08/18/14: The Incident Resolution Service Team has determined that Veteran B will be sent a letter offering credit protection services.…

Issue: Today, 07/28/14, Employee-Veteran who is on leave, filed a privacy complaint to the Privacy Officer (PO) that all staff aside from PO listed on his Sensitive Patient Access Report (SPAR), accessed his medical record without his permission or business need.…

Outcome: 08/02/14: PO update -- Discussed with Asst. HAS Chief to identify staff on SPAR. Seven emails were sent today to identify staff members to begin investigation. Contacted HR to ensure that prior investigations had determined actions that would reconcile with…

Issue: Today, 07/24/14, The Release Of Information (ROI) Technician reports to Privacy Officer (PO) that Veteran B requested his colonoscopy report of 03/03/11. Later, Veteran B realized that this report contained Veteran As full name, DOB, full SSN, and full study…

Outcome: 07/24/14: The Incident Resolution Service Team has determined that Veteran A and B will be sent a letter offering credit protection services.…

Issue: Today, 07/18/14, a VA employee reports to the Privacy Officer (PO) that her leave donation form with personally identifiable information (PII) was emailed without her permission to the leave recipient and his/her timekeeper. The sender told the employee that the…

Outcome: 07/21/14: The PO discussed with Human Resources (HR) Chief. She has assigned this to a new staff member for investigation and discussion with PO. 07/22/14: The Data Breach Core Team determined that a general notification letter would be sent to…

Issue: Today, 07/10/14, the Privacy Officer (PO) received a report from a secondary source that an employee has exercised her CPRS access/permissions to view/enter notes in Veteran-boyfriends chart as a caregiver. Chart is now sensitive. Additional documentation, pending. Referral of case…

Outcome: 08/20/14: Supervisor found that staff access was not appropriate to her role. Complaint moved to incident status. Notified Supervisor and VA Police of 2 other possible cases and asked them to advise PO of any potential privacy findings. 09/12/14: Discussed…

Issue: Today, 07/09/14, a security report was run of sensitive charts. It showed Staff As access into Staff Bs chart. Staff B reports lack of official reason for chart access and files privacy complaint. Additional questions regarding staff As access of…

Outcome: 07/13/14: This case was reviewed extensively with VHA Privacy Office last week over the course of several days. The conclusion is that the access of the chart by a VA Police Officer exceeded the minimum necessary. All VA Police Officers…

Issue: Veteran reported to Patient Advocate office with documents on 4 patients that were on the medical ward that he was just discharged from.

Outcome: 07/06/14: The Incident Resolution Service Team has determined that four Veterans will be sent letters offering credit protection services.…