South Central VA Health Care Network (VISN 16)

Issue: An employee states they are an employee as well as Veteran and was seen in the Emergency Department and their supervisor states they went into the employee's health record and checked the employee's discharge time due to a discrepancy on…

Outcome: Supervisor has had additional training and knows now that access is not permitted. Appropriate actions taken by service. Letter has gone out to Veteran/employee.…

Issue: Veteran A's belongings were place in a patient's room where Veteran B's belongings were. When Veteran B was discharged from the hospital he left with Veterans A's belongings accidentally. The belonging included his ID card, address, drivers license, and last…

Outcome: All Items were recovered. PO spoke with nursing staff about coming up with a different system for patients clothing.

Issue: The Research Compliance Officer reported during a recent compliance audit that an original consent form that had already been scanned into CPRS was missing. After scanning the original document, the Primary Investigator (PI) is supposed to maintain the original. The…

Outcome: PI counseled about assuring original consent forms are maintained after being scanned into CPRS.

Issue: A service chief reported that employees have been accessing the electronic record of a Veteran who was also a fellow employee who recently passed away. Upon investigation and review of the sensitive record report generated by the Information Security Officer…

Outcome: Facility Director has called and Admin. Board of Investigation on the matter. The ISO office is assisting with putting together a case. Also the entire facility has been put through Infosec and Privacy training again, reset in LMS for a…

Issue: Employee A accessed CPRS to view Employee B's record to identify his birth date for personal reasons. He did not review any other information other than birth date on the employee record. The employee was verbally counseled by his Service…

Outcome: Appropriate actions to be taken - training in regards to staff utilizing the system for personal reasons as well as privacy in general. Letter has gone out to individualwill send redacted copy.…

Issue: An employee (Employee A) accessed another employee's (Employee B) record to find contact information. Update: 04/19/11:Employee B will be sent a letter offering credit protection services due to full name and full SSN being exposed.…

Outcome: The employee received counseling and admonishment. Letter has gone out to the involved individual....…

Issue: On 03/31/10, the Oklahoma City (OKC) VA, Pathology & Laboratory Service packaged & placed a box for delivery to an ViraCor, an outside lab. On 04/04/11, the program support for transplant called the Administrative Officer of Pathology & Laboratory Medicine…

Outcome: Educated staff to ensure labels are securely placed on packages.

Issue: The Privacy Officer (PO) received call from Veteran A. He had requested information from a social worker and in the information he found information from Veteran B it appears to be a Patient inquiry: including, name, address, SSN, phone number,…

Outcome: PO has worked with Social Work Service regarding this incident. Appropriate action taken regarding staff involved. Training and emphasizing the importance of checking information before mailing out.…

Issue: At the end of the day on 04/08/11, a doctor locked and secured a room that contained an accordion folder with radiology order sheets with patients' information on them. Upon returning to work on 04/11/11, the doctor noticed the folder…

Outcome: In addition to being in a locked office, all folders will now be placed in a locked file cabinet with limited key access to the file cabinet.

Issue: The surgery schedule dated 04/07/11 with 21 patients' full names, full SSNs, room, ward, age, preoperative diagnoses and procedures was turned in on 04/08/11to an employee. Veteran A's spouse indicated she found it in the third floor break room. Update:…

Outcome: Surgery AO and Chief have been notified and additional Privacy Awareness training provided.