VA Greater Los Angeles Healthcare System (GLA)

Issue: A Veteran contacted an employee's supervisor and reported that a Medical Support Assistant (MSA) employee is discussing personally identifiable information (PII) and protected health information (PHI) with a roommate who is discussing the Veteran on Facebook.

Outcome: 06/24/15: The Incident Resolution Service Team has determined that the Veteran will be sent a letter offering credit protection services.…

Issue: The Office of Public Guardian (OPG) contacted the Privacy Officer (PO) while on the Mental Health (MH) ward to interview a patient who has a conservator. Once the PO arrived, it was observed that the staff had given the OPG…

Outcome: 5/8/15: The OPG contacted the conservator for the court date, and informed her of the chart access through the minute order. 06/02/15: Based on the standing order to provide information to OPG, the fact that no 7332 protected information was…

Issue: A VA employee disclosed a voucher for payment of Veteran B to Veteran A by attaching it to Veteran A's paperwork. Veteran A returned it to the Homeless Coordinator.

Outcome: 04/23/15: The Incident Resolution Service Team has determined that Veteran B will be sent a letter offering credit protection services.…

Issue: VA Employee A accessed Employee B's medical record trying to determine if the record was blocked after Employee B told him that Veteran Employee records were blocked. He also tried accessing his own medical record unsuccessfully. Employee A called Employee…

Outcome: 12/17/14: The Incident Resolution Service Team has determined that Veteran B will be sent a notification letter.…

Issue: Employee A reported that he received a notification from his OPF that included employee B's SF-52 resignation.

Outcome: 10/01/14: The Incident Resolution Service Team has determined that there was a policy violation. While there was an unauthorized access/disclosure of data, it has been determined that the incident has a low probability of a risk of compromise.…

Issue: A patient had a surgery this morning and sent his mother in to the Community Based Outpatient Clinic (CBOC) to pick up pain medication. Patient stayed in the car. The nurse explained to Patients mother that partial prescription was dispensed…

Outcome: 10/09/14: The Incident Resolution Service Team has determined that the Veteran will be sent a notification letter.…

Issue: A colonoscopy result was mailed to the incorrect patient and was returned to the Bakersfield Community Based Outpatient Clinic (CBOC) by the patient who received it.

Outcome: 08/05/14: The Incident Resolution Service Team has determined that one Patient will be sent a HIPAA notification letter due to Protected Health Information (PHI) being disclosed. 08/11/14: Update: An SSN was also involved. The Incident Resolution Service Team has determined…

Issue: On 05/29/14, an RN took a patient roster home without permission, while Absent Without Official Leave (AWOL), and returned it on 05/30/14, after her supervisor found out and contacted her. The roster contained the name, partial SSN, and medical information…

Outcome: 06/06/14: The supervisor who reported the incident will be off until Tuesday. The Privacy Officer (PO) sent her an email. The PO will update the ticket when the supervisor responds. 06/10/14: This is what the PO received from the supervisor.…

Issue: A Veteran beneficiary submitted her Social Security card, drivers license, and divorce papers to the Business Office for a name change at a location other than the main facility and the information was mailed to the main facility but was…

Outcome: 06/02/14: With the information provided, the Incident Resolution Team has determined that no data breach has occurred. Appears to be fault of the US Postal Service. 07/07/14: The Veteran submitted the paperwork to the VA Business Office. The paperwork for…

Issue: A Veteran's girlfriend who is also the mother of his child accessed his medical records without the proper authority and outside the performance of her duties.

Outcome: Data not available.