VA Great Lakes Health Care System (VISN 12)

Issue: A Tomah employee accessed another Tomah employee's medical record without authorization. The Supervisor counseled the offender. The offender's computer access has been suspended pending an investigation by Human Resources (HR) and Supervisor. Update: 11/28/11:One employee will be sent a letter…

Outcome: Supervisor counseled employee and are working on further actions to employee.

Issue: QTC Medical Services (QTC), a VBA contractor, mailed VHA and DoD information from the Captain James A. Lovell Federal Health Care Center (FHCC) to their offices. It was boxed at Lovell FHCC and moved within two rooms in a VA…

Outcome: The credit monitoring letters have been mailed. The contractors involved no longer have access to VA/DoD medical records. They will continue to receive information for the exams they provide for the Benefits Delivery at Discharge Program directly from VA Regional…

Issue: "Confidential VA paperwork" was found in a public area of a contracted VA homeless program by one of their employees. Information regarding at least two (2) Veterans was on paperwork. The employee did not realize this and returned the paperwork…

Outcome: All VA staff who work in the community will utilize a locked box/briefcase to transport VA files. Staff have been re-educated on proper handling of protected health information (PHI) and constant awareness of documents. Staff have been reminded that all…

Issue: The complainant, who is a Veteran and a VA employee, alleges that the Women's Veterans Program Coordinator for the Milwaukee VAMC, called the complainant's mother (also VA employee) and asked the complainant's mother if a person with a name identical…

Outcome: I informed the VAMC Director of the results of the investigation that a privacy breach likely did occur here. The Director has been out all this week and possibly next week, so he asked that I brief the Chief of…

Issue: A Resisted Nurse (RN) received a call from a friend of a patient had recently expired. RN told Patient A's friend that they had expired, and provided phone numbers of family members. Family is now upset that information was provided…

Outcome: Clinical staff have been re-educated on appropriate verbal and written disclosure of patient and family member information including what constitutes legal authority/authorization for release of information.

Issue: A third party Release of Information request was sent to a doctor's office for one patient's information however it was filled out with four patients' information, which contained full SSN and medical information. Update: 09/23/11:The four patients will receive a…

Outcome: Information was recovered. Employee re-took Privacy and Information Security training. Employee received disciplinary action, as recommended by Supervisor and HR.…

Issue: Veteran A's lab letter was included in Veteran B's lab results. Information in the letter included: lab results, Veteran A's name, address, and last 4 of the SSN. Update: 09/20/11:Veteran A will be sent a notification letter due tp PHI…

Outcome: Staff already educated on appropriateness and letter corrected. Veteran was mailed his lab letter.…

Issue: Veteran A called the outpatient patient pharmacy and stated that he had received the correct medication and the correct paper work for the medication. However, his paper work had Veteran B's name on it. In talking to the outpatient supervisor…

Outcome: Education was provided to the staff on the appropriateness of making sure all mailings are correct.

Issue: Veteran A received Veteran B's prescription in the mail. Veteran A promptly called the CBOC and returned the information. Update: 09/12/11:Veteran B will be sent a notification letter.…

Outcome: Education was provided to staff on importance of accuracy.

Issue: A VA Fellow/Attending Employee sent VA patient's full name and SSN along with medical conditions through the Medical College of Wisconsin (MCW) e-mail system and copied the e-mail to over 50 MCW individuals. We are working with the IT staff…

Outcome: VA employee has re-taken the Information Security training course and presented the certificates directly to the ISO. Business Partner MCW's IT department has cleaned their servers. Employee supervisor took disciplinary action on employee and ISO talked with employee on the…