South Central VA Health Care Network (VISN 16)

Issue: Two employees of the Alexandria VAMC accessed the record of a recently deceased employee. The Information Security Officer (ISO) has asked for justification in record and had Information Resource Management (IRM) to disable users' account until investigation is completed by…

Outcome: Credit Monitoring Letter has been sent out by Privacy Officer. Employees in violation have been disciplined by HR.…

Issue: Veteran/Employee requested a sensitive record report because he believes one of his co-workers might be inappropriately accessing his medical record. Sensitive Record Report showed that employee in question did access the complainant's CPRS record on one occasion July 30, 2010.…

Outcome: Employee's CPRS access has been revoked. All documentation sent to HR and awaiting decision on appropriate disciplinary action.…

Issue: On 08/01/11, a Veteran/employee requested a Sensitive Record Access Rreport because he suspected one of his co-workers might be inappropriately accessing his medical record. A Sensitive Record Access Report showed that the employee in question accessed his record on three…

Outcome: Employee's access to CPRS has been removed and disciplinary action to be taken.

Issue: A Veteran employee suspected that a co-worker had inappropriately accessed his CPRS file and requested a Sensitive Record Access report be run to show who had accessed his record from 07/20/08 through 07/01/11. The report was run and identified one…

Outcome: Employee's CPRS access has been removed. All documentation forwarded to human resources labor management specialist for appropriate disciplinary action.…

Issue: An employee mailed an eyeglass voucher to a patient which reflected the patient's name and full SSN in the window of the envelope. Update: 08/01/11:One patient will receive a letter offering credit protection services, due to full name and full…

Outcome: The employee was provided education, training and awareness on inappropriate disclosure of individually identifiable information and the importance of attention to detail in handling III. Mailroom staff will also received awareness training on screening outgoing mail that may inappropriately reveal…

Issue: A Veteran employee suspected a co-worker had been inappropriately accessing his CPRS record and requested a Sensitive Record Access report be run to identify who had accessed his record from 1/2009 thru 7/25/2011. The report revealed one co-worker had accessed…

Outcome: Employee's CPRS access has been removed and all documentation sent to human resources labor management specialist for appropriate disciplinary action.

Issue: Veteran A returned medical records for Veteran B mis-mailed to him by the facility. Update: 07/26/11:Veteran B will be sent a letter offering credit protection services, due to full name, full SSN and DoB being disclosed.…

Outcome: Responsible employee provided additional training and instruction by immediate supervisor on proper procedures for completing ROI request. Additional review implemented prior to release of information as preventative measure.…

Issue: A Veteran employee reported that he thought some of his coworkers might have accessed his electronic medical record. He asked that a sensitive record report be run so that he could review. The report was provided to the employee on…

Outcome: Employee's CPRS access has been removed and awaiting final disciplinary action to be taken.

Issue: A VA employee gave the wrong discharge instructions to Veteran A and possibly Veteran B. The Privacy Officer (PO) is still investigating to determine if the employee mixed up both of them or just one. The discharge instructions included the…

Outcome: Nursing staff will be more attentative in the future and separate their papers so this will not happen again. Patients discharge instructions copy are to be printed that do not print with the social security number.…

Issue: A Veteran's 7332 information was mistakenly released to his provider by a Release of Information clerk without authorization. The information was released along with other documents that the Veteran had authorized. Update: 07/21/11:One Veteran will receive a letter of notification…

Outcome: Supervisor educated the employee on 7332 Sensitive information training and how to perform word searches in CPRS to fill requests for specific information. Supervisor has assigned release of information and privacy courses in TMS for the employee to complete.…