South Central VA Health Care Network (VISN 16)

Issue: Employee A's electronic health record was inappropriately accessed by Employees B and C. Update: 02/05/13:Employee A will be sent a HIPAA notification letter.…

Outcome: Personnel action taken, policy and procedures reviewed as well as system accesses.

Issue: HHS/OCR complaint from a VA employee/Veteran alleging impermissible access to her health record by 10 co-workers not involved in her care. Update: 03/01/13:The employee will be sent a HIPAA notification letter.…

Outcome: Employee's found in violation required to retake training. PO and ISO will also be conducting privacy training that has been made mandated for all employee's that will educate these employee further on Privacy Issues. Letters of Action has been sent…

Issue: Veteran A called the pharmacy and reported he had received the prescription of Veteran B. Veteran A stated the address on the mailing envelope was his address but he has never received services at this VA. Veteran A's first and…

Outcome: Supervisor and employee notified about error and requested to make appropriate changes to patient's record. Supervisor requested to provide additional education to employee about following policy when making changes to the patient record. Veteran A requested to return prescriptions which…

Issue: A patient went to the emergency department (ED) and received the wrong individuals discharge instructions. The instructions included: name, SSN, and DoB as well as information from the visit. The patient didn't notice he had the wrong information until he…

Outcome: Staff have revised processes to assure that another individual reviews before the information is provided to the Veteran. Training is ongoing. .…

Issue: Veteran contacted Release of Information to say they had received another Veteran's lab results. The individuals both have the same last 4 of their SSN and their last names both start with an R. It appears the individuals name and…

Outcome: Appropriate actions being discussed with HRMS regarding the incident. Training has occurred in part of the area and is planned for the other staff involved in releasing of information next week…

Issue: VA employee received copy of SPAR report and is questioning why 21 employees access her CPRS record. Update: 03/20/13:The employee will receive a HIPAA notification.…

Outcome: Referred to supervisor for appropriate disciplinary action. In addition, supervisor included privacy training during recent section mtg regarding VHA employee use and or access to PHI and III.…

Issue: A discussion in an Institutional Review Board (IRB) meeting revealed a privacy violation regarding recruitment. The facility doesn't know how many Veterans' records were accessed, nor how many Veterans' Protected Health Information (PHI) was collected/used in the recruitment activities. Also,…

Outcome: Research Compliance Officer is working with the involved PI regarding issues with this study. Please see attached letter that went out 3 11 13 to the individuals who's consent could not be located in the audit... please close ticket…

Issue: An employee gave Veteran A's identification card to Veteran B by accident. Veteran B returned the identification card to the facility the next day. Update: 01/11/13:Veteran A will be sent a letter offering credit protection services.…

Outcome: VIC card retrieved and returned to owner.

Issue: A prescription for Veteran A was released locally for mail out on 12/13/12 but was shipped to Veteran B. Both Veterans had the same medication at the same strength. Veteran B also received medication for Veteran A. The information in…

Outcome: PO has spoke to Supervisor and Chief of Service of TOPC pharmacy. New equipment has been ordered for install to help prevent future incidents of this nature.

Issue: In a Tell It To The Director letter a Veteran states that his now ex-wife accessed his records and read them without his permission. Divorce granted 8/15/12 according to The Oklahoma State Courts Network website. He states that she used…

Outcome: Employee took privacy and information security awareness, signed the rules of behavior and took privacy and HIPAA training. Employee was also referred to Human Resources for appropriate administrative action.…