Sierra Pacific Network (VISN 21)

Issue: Copies of 3 patients data were co-mingled together and scanned into one patient's chart. The patient requested copies of his C&P exam which contained 2 other patients' data and his. He reported this, we recovered the data, removed the scanned…

Outcome: Those involved were counseled on attention to detail when faxing copies of reports and also when scanning in documents into the electronic health record. Mishandled copies were recovered and credit monitoring letters were sent to the two (2) affected Veterans/patients…

Issue: Medications for Veterans B and C were dispensed to Veteran A. The medication labels have the Veterans' name, DoB, medication name, directions and Dr. name. The medications for Veterans B and C were returned by Veteran A on 10/31/11. Update:…

Outcome: Pharmacist was inserviced by Supervisor regarding discharge counseling for patients; technician that bagged order was terminated from position.

Issue: An iPhone containing an email with VA sensitive information is missing. The iPhone was not password protected and therefore, the email containing information on 8 patients including: full last name, last four digits of the SSN, and medical conditions may…

Outcome: The phone was immediately deactivated. Notification letters was sent out on November 07, 2011.

Issue: The Project Manager of a Research study contacted the Privacy Officer (PO) that research study consent packets were accidentally sent to the wrong subjects (involves two Veteran subjects). Participation in the research study was coming close to the expiration date…

Outcome: PO, RCO and R&D Office collaborated with whether full SSN are required on the forms. It is the PO's recommendation that the forms are NOT pre-populated to reduce and/or prevent unnecessary risk to the veteran. Once SSN is obtained, it…

Issue: Veteran A received Veteran B's form 10-10EZR which contained personal information including Next-of-Kin and emergency contact information. Update: 10/28/11:The form included Veterans B's spouse's date of birth and SSN. That is the only other person with significant PII included in…

Outcome: Veteran received another Veterans health benefits renewal form. Notification letters sent to Veteran A and spouse. The employee responsible was reeducated.…

Issue: Patient A was discharged from the hospital and requested copies of his record. Copies of Patient B's information were mistakenly intermingled with Patient A's copies. patient B's information that was compromised included his name, full SSN, date of birth and…

Outcome: Credit monitoring letter sent to patient/Veteran. Investigation results were inconclusive how another patient got copies of a visit. It's believed the affected Veteran may have given this copy to the other Veteran/patient during a group session. During interview with the…

Issue: The facility Information Security Officer (ISO) ran a daily audit report and discovered that a VA employee, who is the wife of Veteran A, accessed his medical records Update: 10/19/11:The employee did not have authorization to access the spouse's record,…

Outcome: The Privacy Officer (PO) will discuss this incident with wife (employee) and she will have to review and re-sign the Rules of Behavior. PO sent out a notification letter to the spouse on 10/27/11.

Issue: A cardboard box that morgue staff apparently use to hold documents for shredding until they can take the documents to a Shred It bin disappeared from the morgue area over the weekend. According to the morgue staff some of the…

Outcome: The PO and ISO met with the morgue staff and the following corrective action were taken:The temporary shred box has been removed. It was suggested that the staff get a locking cabinet to retain any PHI for future use. Talked…

Issue: SFVAMC typically orders stains from Pathology, Inc. (reference laboratory) and the turnaround time is less than a week. On 10/13/11 HL, staff physician (pathologist) contacted Pathology, Inc. to follow up on an order and was told it had been returned…

Outcome: The credit monitoring letter has been prepared and signed however we would like to know whether UPS should offer and/or pay for the credit monitoring since they were responsible for the package at the time it was unaccounted. Please note…

Issue: The Privacy Officer (PO) received phone call from Veteran A stating he had received letter in the mail and attached was Veteran B's test results. The test results included Veteran B's name, address, lab results and diagnosis. Update: 09/28/11:Veteran B…

Outcome: Privacy Officer talked with staff, need to verify PHI prior to sealing envelopes.