VA Healthcare System (VISN 10)

Issue: Veteran patient was provided a Fecal Occult Blood Test Kit to take home. Prior to taking the test, Veteran observed that the label on the test was incorrect and informed our Dearborn Community Based Outpatient Clinic (CBOC). The information on…

Outcome: Provided credit monitoring to Veteran. Double check process established to ensure proper mailout in the lab.…

Issue: Without a written authorization from a Veteran/patient, a Release of Information (ROI) staff person released to an ambulance driver a document that contained the following: Veteran/patient's full name and NOK information, home addresss, telephone number, full social security number, date…

Outcome: Privacy Officer contacted the ROI clerk and was provided a response statement as to her reason for releasing the information to the ambulance driver. In her statement she stated that she thought it was for continuity of care. Privacy Officer…

Issue: A VA employee had a family member with her during her tour of duty in a controlled area. The employee also allowed one of the family members to use a VA computer unsupervised. Update: 07/09/12:The employee let her sister use…

Outcome: Sent letters of notification to the 11 affected Veterans. The total count of Veterans at the DOM was 51 and 6 assigned to Women's PTSD area. The only privacy information that could have possible been released or captured were the…

Issue: Veteran A requested his medical records, which contained scanned medical records of Veteran B, C, and D. Veteran A contacted the medical center to inform VA of the incident. Veteran A brought the medical records back to the release of…

Outcome: 2 Letters were mailed to patients. The other patient was not of the VA Medical Center; outsourced hospital sent to us in error. The ROI supervisor researched the incident and found that scanning clerks made the error. All employees involved…

Issue: On 06/19/12, a physician at one of the Community Based Outpatient Clinics (CBOC), inadvertently handed Veteran A two printed Patient Inquiry forms that belonged to two separate Veterans.The Patient Inquiry form contains demographic data, insurance information; dates of treatment, etc..…

Outcome: CHIEF OF STAFF NOTIFIED OF PRIVACY BREACH SO THAT PROPER DISCIPLINARY ACTION CAN BE TAKEN. CREDIT MONITORING LETTERS MAILED ON 6/29/12.…

Issue: A CD containing medical record information was mailed to attorney at the attorney's old address. The mailing was not returned by the Post Office. The CD contained a patient's name full SSN and protected health information (PHI). Update: 07/02/12:The patient…

Outcome: Addressed with employee

Issue: Employee received a packet of forms and papers through interoffice mail not in an envelope and no sensitive mailing labels were used. The packet included a "Claim for Reimbursement for Expenditures on Official Business", "Authorization, Agreement and Certification of Training",…

Outcome: Supervisors in all areas PO investigated for staff who handled the packet agreed to reinforce how to handle sensitive mail with all staff. S. Leister, PO…

Issue: A Service Chief physician accessed the medical records of eight physicians without a legitimate need to know. Update: 05/11/12:The eight phsyicians will be sent HIPAA notification letters since their medical records were inappropriately accessed.…

Outcome: The violation is part of an ongoing administration investigation. VA records confirms that the physician accessed the medical records. Privacy findings are being forwarded to the Director and Human Resources for action. Notification letters mailed to the 7 physicians on…

Issue: The Information Security Officer reported that a call was received from a City Police Officer that 16 patients records were found in a house of an former employee who is now deceased. Update: 05/11/12: The deceased employee was a nurse…

Outcome: 16 medical records were found in the house (in the attic) of a former Dayton VAMC Employee, who is now deceased. The records were discovered by a non-VA employee (new house owner) and reported to the local police department, according…

Issue: Veteran A reported to the Health Resource Center in Topeka that he received a form for Veteran B. The Health Resource Center forwareded the mis-mailed document to the Cleveland VAMC Privacy Officer. Update: 04/27/12:Veteran B will be sent a notification…

Outcome: Supervisor of service notified. She will remind staff to ensure they double checked their outgoing mail. (NOTE: Service belongs to CPAC not the medical center). Letter mailed to patient, and letter mailed to complainant.