VA Health Care Upstate New York (VISN 2)

Issue: Veteran A received information of Veteran B by mistake. Veteran A called release of information supervisor to report the error of incorrect documents that he received in the mail. The supervisor told him that she would send him a pre-paid…

Outcome: Credit monitoring letter mailed to Veteran. Staff involved re-educated on safeguards when releasing records…

Issue: Acquisitions and Materials Management employee reported to the Privacy Officer that while in the hallway, he received from a Veteran appointment letters addressed to two other patients that the had found in the ground floor bathroom. The letters had not…

Outcome: Employee re-educated on required safeguarding practicies of patient sensitive information especially when transporting to the mail room.

Issue: During a Release of Information review in CPRS, an invalid authorization signed by the Veteran was noted. The authorization lacked: to whom the information was to be released and 7332 was not checked. The Privacy Officer (PO) confirmed the notes…

Outcome: Staff was disciplined and retrained.

Issue: A Social Worker at the Behavioral Health Outpatient Clinic reported to the Privacy Officer that a client list that she had prepared for her VA supervisor was returned to her outside of the VA while working at her second job…

Outcome: Employee re-educated on the requirements to safeguard sensitive patient information and request for disciplinary submitted to Human Resources in the form of a reprimand by employee's supervisor.

Issue: Release of Information (ROI) clerk faxed 45 pages to a non VA provider. Information contained 7332 protected items which had not been authorized to be released. Update: 05/07/12:The patient will be sent a notification letter due to 7332 information being…

Outcome: Staff were disciplined and educated.

Issue: The Privacy Officer (PO) completed the second quarter Release of Information (ROI) audit for FY12 and identified a total of 16 inappropriate disclosures of Veterans' medical records to third parties due to invalid authorizations. Seven of the inappropriate disclosures included…

Outcome: HIMS Manager reviewed the release of information errors that resulted in privacy violations with the clerks and re-educated them on the required procedures to follow to ensure a valid written authorization has been obtained prior to the release and that…

Issue: Patient A called the Bath Pharmacy stating that he received a hard copy prescription via mail. This hard copy prescription was not for him. It was for Patient B, but was mistakenly mailed to the wrong patient. Patient A was…

Outcome: Administrative Officer met with the staff and advised them that they need to use 2 patient identifiers when sending correspondence outside of the medical center. She could not identify the specific employee who had mailed the information in error to…

Issue: The Release of Information (ROI) office released a note with 7332 protected information without proper authorization. A protected diagnosis was listed in the problem list without being redacted. This was found during an audit of the ROI office. Update: 04/26/12:One…

Outcome: Staff was disciplined and was trained again.

Issue: A patient filed complaint stating that two employees who he used to live with and are past friends of his approached him while he was in the Emergency Department and later in his room when he was admitted to the…

Outcome: Employee educated on being prohibited from accessing a patient's medical record outside a need to now to her job. Human resources confirmed disciplinary action in the form of an admonishment was taken with the employee and on file. Issue resolved.

Issue: Patient A's wife reported that Patient B's medical information was in her husband's medical records. The wife reported that this was identified when Patient A's doctor was asking him about his past medical issues and they weren't issues he had.…

Outcome: The HIMS Manager thoroughly reviewed Patient B's medical record and confirmed that no information regarding Patient A was included. The error was due to an ROI Record Manager software glitch which was previously resolved by VA in 2003.