VA Great Lakes Health Care System (VISN 12)

Issue: A packet of copies of 12 medical insurance/Medicare cards (front and back) was found in the Wellness Center by VA employee upon opening this morning. The cards contained the Veterans' name and full SSN. Update: 09/06/11:The Privacy Officeer (PO) doesn't…

Outcome: Re-emphasize the importance of safeguarding PII to staff.

Issue: Release of Information (ROI) clerk released 7332 information in 3rd party ROI request that was not authorized by Veteran A. Update: 08/17/11:Veteran A will be sent a notification letter.…

Outcome: Clerk has been counseled regarding the incident. All ROI staff have been re-educated on applicable laws and regulations that must be followed, including HIPAA, Privacy Act, 7332, FOIA as well as the procedures to be followed when processing a release,…

Issue: Patient A's full name and SSN on a pulmonary function test was put into Patient B's record. Update: 08/09/11:Patient B will be sent a letter offering credit protection services, due to full name and full SSN being exposed.…

Outcome: The report that was put on the wrong Veterans chart was done manually. The department has now implemented a program that will electronically link the report to the correct patient. The department will audit all reports put into the system…

Issue: VA employee reported to Privacy Officer he found inpatient food order slips and hand off sheets unattended on food carts. Privacy Officer went to check other areas and found additional inpatient food order slips and patient arm band on unattended…

Outcome: Information was retrieved. Local policy and procedures were established for proper patient information on printed tray tickets and labels for delivering food to patients. Implemented additional training for the staff regarding handling personally identifiable and sensitive information.…

Issue: A Military Personnel Division employee inadvertently mailed two fitness reports to wrong individuals (each received the other's report), Upon realizing the mistake, both individuals returned the reports and the mistake was corrected. The employee has been counseled and corrective actions…

Outcome: Employee counseled. Refresher privacy training was conducted. Policies and procedures were reviewed and new policies were developed and implemented to ensure this violation is not repeated.…

Issue: Documents containing patient information have been misplaced. The staff are in process of looking for the documents. Update: 07/18/11:Two Patients' information has not been found. The information contained the full SSN, demographics, name, and medical information. The two (2) Patients…

Outcome: Employees have been educated about locking up PHI when not in use.

Issue: A VA consent form with a patient's full name and last four digits of the SSN is missing. Update: 07/08/11:The patient will receive a letter of notification.…

Outcome: The researcher has been educated and has gone over policies and procedures again.

Issue: Fee Service personnel mailed three claims with medical record documentation attached to another VA Medical Center. The mailing label had the wrong ZIP Code. The envelope was not sent via trackable means. The envelope was returned. There was evidence that…

Outcome: When mailing PII and other VA sensitive data, Fee staff will send via trackable method.

Issue: Patient A filled out a Release of information (ROI) request form for copies of her medical records. Patient B's medical records were erroneously mailed to Patient A. Patient A came into the Patient Advocate Office and turned in the copies…

Outcome: Employee counseled on proper procedures when mailing out medical information.

Issue: Veteran A was given Personally Identifiable Information (PII) belonging to Veteran B. Update: 05/23/11:Veteran B will receive a letter offering credit protection services.…

Outcome: The employee has been counseled on the proper procedure for confirming patient's identity before releasing information.