VA Health Care Upstate New York (VISN 2)

Issue: A Hospital-Based Home Care Provider notified the Privacy Officer (PO) that paper copies of a patient's external medical records were missing from his office. The provider reported that he had placed the records on top of his trash bin to…

Outcome: The provider was notified that housekeeping does have keys to his office for the purpose of cleaning off hours to not interrupt patient care. In addition, the provider was educated to ensure all PHI/PII in his office is properly secured…

Issue: Patient A presented to Primary Care Clinic and reported that he had received several copies of Patient B's medical records when receiving his own in the mail. The copy of Patient B's medical records were turned into the Administrative Officer…

Outcome: The records were retrieved from the patient that received them in error and properly destroyed. In addition, the records requested by Patient B were re-printed by the Release of Information Department and sent to the patient. Lastly, the HIMS employee…

Issue: During a Release of Information (ROI) audit, the Privacy Officer noted a release was not sufficient to release 7332 protected information. The Privacy Officer confirmed the progress note does have drug abuse info. Update: 03/25/13:The Veteran will be sent a…

Outcome: Staff educated on invalid form.

Issue: VA employee has been informed by human resources that their background investigation packet is missing. Update: 03/25/13:Employee A will be sent a letter offering credit protection services.…

Outcome: Human resources has restarted background investigation process; submitting documentation to Office of Personnel Management electronically for VA employee to apply for higher level investigation.

Issue: VA Veteran/Employee alleges that VA Employee accessed protected health information (PHI) in their Veteran medical record without authorization and further disclosed PHI to another VA Employee without authorization. Update: 04/22/13:Employee A will be sent a notification letter.05/28/13:This was determined to…

Outcome: Investigation has determined that VA Veteran/Employee allegation that VA Employee accessed protected health information (PHI) in their Veteran medical record without authorization has been substantiated. Documentation obtained supports findings of impermissible access. VA Employee not available to address findings of…

Issue: Patient A reported that she received Patient B's letter regarding thyroid sonogram results when receiving her own letter regarding testing results from the Women's Health Clinic. Patient A reported to the Administrative Officer (AO) for Primary Care that Patient B's…

Outcome: The WHC staff who are tasked with sending the letters were re-educated by the AO on the requirement to confirm patient identifiers before placing the letter in the envelope for mailing.

Issue: The Privacy Officer (PO) received a restricted email from a Physician's Assistant (PA) in Orthopedics that she received from an employee inquiring about his father-in-laws appointments. In the email the employee stated that he noticed that his father was supposed…

Outcome: Privacy Officer and Administrative Officer for Primary Care re-educated the employee on the requirement to only access a patient's record on a need to know basis to do his job. In addition, the AO submitted the request for disciplinary action…

Issue: A Postal employee returned four pages of documents from a Veteran to the VA . The documents were printed from the Release of Information department and mailed to the Veteran. The Veteran was contacted to report the event and asked…

Outcome: Credit Monitoring letter sent to Veteran. Documents printed for Veteran again and sent via Fed Ex traceable delivery.…

Issue: Records Manager found employee had a copy of his Veteran brother's record in his desk. The Records Manager has secured a copy and notified the supervisor. The Privacy Officer (PO) needs to review releases to determine who had processed the…

Outcome: Unable to determine why it was in desk. Employee assigned to that record had previously sat there. Current employee unaware of file. Supervisor interviewed and concurs. letter attached

Issue: Employee A went into her electronic OPF file and found Employee B's performance rating in her file. She contacted Human Resources (HR). HR has removed the file from the wrong employee and re-scanned to the correct employee Update: 03/07/13:One employee…

Outcome: item deleted from wrong eOPF file and scanned to correct file. Staff member educated on importance of double checking all pages and names on documents. Reviewed other employees eOPF that this employee scanned to make sure no other issues. None…