VA Health Care Upstate New York (VISN 2)

Issue: A Release of Information (ROI) clerk released the wrong record to a requestor. This was discovered when Veteran A asked for an accounting of disclosures. Veteran B's name, address, full SSN and protected health information (PHI) were disclosed. Update: 03/02/12:Veteran…

Outcome: Reviewed with ROI staff on importance of details. Privacy training redone.

Issue: A Daily Travel schedule was found on the ground in the employee parking lot by a VA employee when parking his car. The schedule was folded. It was found near the VA vans. The schedule was dated 02/13/12 and was…

Outcome: Notification letters sent out to Veterans and one NOK. Entire staff of drivers educated on the importance of protecting PHI and PII. Travel immediately deleted the inclusion of the last four SSN from their Daily travel document.…

Issue: The Privacy Officer (PO) completed the first quarter Release of Information (ROI) audit for FY12 and identified a total of 19 inappropriate disclosures of Veterans' medical records due to invalid authorizations. Six of the inappropriate disclosures included the release of…

Outcome: Chief of Health Information Management re-educated the ROI Clerks on the requirements of valid HIPAA-compliant authorization. In addition, these violations were reported to Human Resources and disciplinary action applied in the form of a reprimand to both ROI clerks due…

Issue: Veteran Patient A called to report that he had been given a specimen sample bottle that contained a label with Veteran Patient B's information on it (full name, full SSN, and DOB). Veteran A was going to remove the information…

Outcome: On 02/01/12, the clinical area manager completed reeducation on patient privacy and proper procedures with all staff. Patient A sent the original label containing Patient B's information on it and it was received by the Alternate PO on 02/02/12.3/7/12 Credit…

Issue: Patient A contacted the Privacy Officer to notify her that he had received Patient B's medication in error. Patient A reported that he had received prescription medications on more than one occasion for Patient B in the past week and…

Outcome: Per the Pharmacy Manager, the protocol is for staff to verify addresses on returns before resending the prescription. He has reviewed the importance of address verification/clarification on all returns with the pharmacy staff. Notification letter sent to Patient B.

Issue: The Canandaigua Privacy Officer (PO) failed to lock a file cabinet as instructed by the Acting Health Information Management (HIM) Manager. Subsequently, employees removed their own employee files from the file cabinet. The VISN PO handling the incident since the…

Outcome: Records were moved to a secure location. Reported to local police for investigation.…

Issue: A Regional EEO Manager from the Office of Resolution Management (ORM) contacted the Syracuse VA Privacy Officer to report that an employee from the medical center had faxed sensitive patient information to the EEO Counselor at ORM with other documentation…

Outcome: The Privacy Officer retrieved the copies of the patient's medical records from the VA ORM to ensure proper destruction. The Business Office Manager re-educated the employee about required privacy practices in reference to patient record access and disclosure in order…

Issue: The Outpatient Pharmacy had an error where three prescriptions intended for Patient A were delivered to Patient B. Patient B had one prescription but was delivered all four. Both patients were contacted by the Pharmacy and all the prescriptions were…

Outcome: The Outpatient Pharmacy Supervisor re-educated the staff about the requirement to confirm patient identifiers before mailing prescription packages at the monthly staff meeting.

Issue: Emergency Department Nurse Manager reported that Patient A had received Patient B's discharge instructions in error. The Nurse Manager reported that the Emergency Room Department (ED)attending physician discharging Patient A, completed the discharge instruction sheet for Patient A with Patient…

Outcome: The attending physician was notified of the error by the nurse manager and Chief of ED and was re-educated on the required protocol to confirm the patient's identification before releasing the discharge instructions.

Issue: CD for Release was mailed to wrong requestor. Sent UPS, requestor opened file, realized it was the wrong veteran and immediately called. The Medical Center has asked them to return CD to VA. The CD contained full SSN, name, and…

Outcome: CD returnted from requestor. Staff educated and secondary check put in place.