South Central VA Health Care Network (VISN 16)

Issue: Envelopes that had Veterans' address labels on them were mailed out with different Veterans' names and addresses on the letters inside. All letters seem to come from the Fort Smith Community Based Outpatient Clinic (CBOC) but were addressed to Veterans…

Outcome: The PO re-educated the mail room staff on the importance of ensuring that the correct letter is placed in the correct envelope. The HIPAA notification letters were mailed on 05/29/12.…

Issue: Veteran A requested her medical records. Within the records she received were three EKG reports that had another Veteran's name and full SSN at the top of the page and her name at the bottom of the report. She returned…

Outcome: Referring to Information Technology (IT) to see if they can determine why this printing error is occurring.

Issue: It appears that somehow two records were merged and the individual reporting the incident received another Veteran's medication. The reporting individual has not been established as a patient at this facility as of yet. She only got the person's name,…

Outcome: Letter went out to individual 518 12. There was some type of glitch in the system and that has been corrected. Staff were reminded to make sure that they verify information being doing as they think before saving pharmacy service…

Issue: Veteran A had a procedure on 04/23/12. When the nurse gave him his discharge information she accidently gave him a piece of paper meant for Veteran B. It contained Veteran B's full name, full ssn and date of birth. It…

Outcome: Nurse Manager has sent this up to the Nurse Executive for the final decision on what action to taken. Will be done as deemed appropriate fact finding is complete.…

Issue: A VA employee included a union representative on an email that contained a Veteran's personally identifiable information (PII) and protected health information (PHI) Update: 04/18/12:The Veteran will be sent a notification letter, due to PHI being disclosed.…

Outcome: Individual directed to take PA refresher training. Supervisor responded that individual will received counseling as well regarding the protection of PII/PHI.…

Issue: An employee who is also a Veteran sent an unencrypted email to her provider. She included her own last 4 of her SSN and information asking for a reference letter for surgery for weight loss. The provider then sent the…

Outcome: Acknowledged that both Veteran/patient and provider did not utilize PKI so they both didn't follow policy. Both individuals have been reminded of the appropriate way to send information. Training is current letter has gone out to employee/Veteran.…

Issue: veteran/employee suspects coworkers entered her medical record. expressed concern that others were talking about confidential information that was discussed during treatment. Update: 08/23/12:The Privacy Officer verified there were 20 instances of inappropriate access from five different employees. The employee will…

Outcome: Fact finding revealed 20 instances of inappropriate access. Face to face training completed with those in violation. Redacted Credit monitoring letter uploaded.

Issue: VA shared files were sent to users by accident. The users who opened the files looked at other staff and co-workers' performance evaluations and other personal documents, including the full SSN. It was reported that one employee sent the information…

Outcome: Employees re-educated, trained and made aware of privacy and security issues.

Issue: Veteran A requested copies of his x-ray examinations and received Veteran B's information. The x-ray examinations were on a CD. Veteran A returned the CD to the Director's office who turned it over to the Privacy Officer (PO). Update: 04/12/12:One…

Outcome: Records returned by Veteran. The process of providing and mailing Radiology reports to requestors is being assumed by HIMS release of information staff.…

Issue: Images on 4 patients were sent via UPS to a non-VA facility and reported to the VA as not being received by the intended recipient. Tracking indicates the packages were signed for, however, the institution states that the packages were…

Outcome: Procedures being develop to establish content and address requirements for image distribution.