Tennessee Valley Healthcare System

Issue: On 06/15/15, Veteran A reported to the Patient Advocate, Nashville Campus, he received a letter from Release of Information (ROI), York Campus, which contained a 10-5345-a (Individuals Request for a Copy of Their Own Health Information) belonging to Veteran B.…

Outcome: 06/17/15: The Incident Resolution Service Team has determined that Veteran B will be sent a letter offering credit protection services.…

Issue: The Privacy Officer (PO) was made aware of this incident from the Release of Information (ROI) Staff: On 06/09/15, a non-VA Provider's Office faxed an ROI Authorization to the TVHS ROI Office (ACY Campus) for them to receive medical records…

Outcome: 06/11/15: The Incident Resolution Service Team has determined that no data breach has occurred. The document was seen only by a HIPAA covered entity.…

Issue: Veteran As wife contacted the Privacy Officer (PO), Nashville Campus, regarding the following incident. Veteran A received a Patient Notification Letter in the mail. Enclosed in the envelope was also a Patient Notification Letter belonging to Veteran B. Arrangements were…

Outcome: 06/08/15: The Incident Resolution Service Team has determined that Veteran B will be sent a HIPAA notification letter due to Protected Health Information (PHI) being disclosed.…

Issue: On 06/02/15, while at a scheduled Dental appointment, Veteran A inquired to a VA Dental employee about why he would have received two appointment letters for a Compensation and Pension (C&P) Exam. Veteran A provided a copy of both appointment…

Outcome: 06/03/15: The Incident Resolution Service Team has determined that Veteran B will be sent a HIPAA notification letter due to Protected Health Information (PHI) being disclosed.…

Issue: Veteran A received a Patient Notification Letter in the mail. A Patient Notification Letter belonging to Veteran B was also enclosed in the envelope. Veteran A returned Veteran B's document to the Patient Advocate, Nashville Campus, who reported the incident…

Outcome: 06/02/15: The Incident Resolution Service Team has determined that Veteran B will be sent a HIPAA notification letter due to Protected Health Information (PHI) being disclosed.…

Issue: Veteran A received a package in the mail, addressed to him, which contained medications belonging to Veteran B. Most of the medications were from a private pharmacy but the package did contain one medication from TVHS. Veteran A realized the…

Outcome: 05/28/15: The Incident Resolution Service Team has determined that Veteran B will be sent a HIPAA notification letter due to Protected Health Information (PHI) being disclosed.…

Issue: Today, a Lead Medical Support Assistant, Nursing Service, Nashville Campus, found a patient label on the second floor stairwell outside the Richard Franc Conference Room, Nashville Campus. The patient label belonged to a Veteran who was recently hospitalized on 2N…

Outcome: 05/27/15: The Incident Resolution Service Team has determined that while there was the potential for unauthorized access/disclosure of data, it has been determined that the incident has a low probability of a risk of compromise.…

Issue: A Veteran, who is currently hospitalized on 3N, stated he overheard his provider discussing his HIV diagnosis with another employee in the hallway. The Privacy Officer (PO) will enter this ticket as a complaint. If the allegation is substantiated, PO…

Outcome: 05/18/15: The Provider discussed the lab results with the Veteran from the doorway of the Veteran's room. The Veteran stated the individual in the room next to his heard the discussion. The Provider admitted he discussed the lab results from…

Issue: On April 27, 2015, Veteran A went to the VA Tullahoma Outpatient Clinic to report and to turn in documentation he received in the mail that did not belong to him. Although the cover page did contain Veteran A's name…

Outcome: 04/27/15: The Incident Resolution Service Team has determined that Veteran B will be sent a letter offering credit protection services.…

Issue: A billing statement was returned undeliverable. Upon investigation, the Privacy Officer (PO) found the Veteran had a convoluted address in the system which consisted of two addresses combined into one. A portion of this address matched that of the Attorneys…

Outcome: 04/21/15: The Incident Resolution Service Team has determined that while there was an unauthorized disclosure of information (name and address), the Personally Identifiable Information (PII) involved, does not meet the criteria to require credit protection services or HIPAA notification.…