VA Healthcare System (VISN 10)

Issue: A pharmacy resident placed a binder, containing a list of 32 inpatients (including full SSN, names, dates of birth and medications) in a backpack. The backpack was tossed in the trunk of his car. The resident went to dinner on…

Outcome: Pharmacy Resident met with his Supervisors immediately after incident occurred, after which time, he resigned. For new Pharmacy, Psychology and Psychiatry residents expected in July, they will be expected to attend New Employee Orientation, as is the current practice. In…

Issue: A Release of Information (ROI) Clerk, while processing a request from Veteran A for a copy of his DD-214, accidentally handed him the DD-214 of Veteran B. The DD-214 was taken to the office of the Veteran Service Officer (VSO)…

Outcome: P.O. MET WITH EMPLOYEE TO REMND HIM OF THE NEED TO PROCESS ROI REQUESTS CAREFULLY TO ENSURE THAT NO PRIVACY BREACH OCCURS.…

Issue: Veteran A accidentally picked up and took home a copy of patient schedule (with full names, SSNs) and printed prescription for Veteran B (with full name, SSN). It appears the Veteran placed copies of his lab results on the providers…

Outcome: Credit Monitoring Letter signed by Director, put in mail 4/17/12 and should go out this same afternoon. Time delay due to patient A living 2 hrs from the CBOC and waiting for patient A to mail back the papers accidentally…

Issue: Information was accidentally faxed to the wrong fax number. The recipient of the information contacted the Release of Information (ROI) Section to report receipt of the information. The Privacy Officer called the individual who received the information by mistake and…

Outcome: Privacy Officer will do a second check of all forms faxed to Community Agencies to make sure that phone and fax numbers are correct.

Issue: A VA patient stated that a Community Based Outpatient Clinic (CBOC) employee disclosed personal information (SSN, medical information, child support, etc) to his ex-spouse. The patient states he is dating the VA employee's ex-spouse. There are non-privacy related issues that…

Outcome: Employee placed on AA until HR completes their portion. A copy of the supporting documentation was sent to the Supervisor for appropriate personnel action. Employee's access to the network was terminated on 2-27-12. Credit Monitoring mailed on 3-16-12. Redacted copy…

Issue: VA Patient A received his lab results and the lab results on three other patients. Patient A contacted VA about the Release of Information (ROI) error and shredded the lab results on the three other patients. This was reported by…

Outcome: Credit Monitoring letters mailed on 3-7-12, redacted copy uploaded to PVTS. Consider case closed. Supervisor will monitor outgoing mail.

Issue: Four Veterans called the VA stating they received Fugitive Felon Letters with the wrong SSN and DOB. A family member of one Veteran returned the letter. The other 3 stated they would mail the letters back to the Fugitive Felon…

Outcome: Service Chief counseled employee on 2-24-12. Supervisor will review all outgoing letters to ensure they're correct.

Issue: Release of Information staff member mailed a Veteran's medical records via US mail to VA Regional Office and they cannot be accounted for. Update: 03/28/12:Correspondence clerk sent records on 12/1/11 and entered on the transaction "all records from 1995- present."…

Outcome: Release of Information staff person mailed Veteran's medical record via US mail (unsecured delivery) to VA Regional Office and the records cannot be accounted for. After a thorough search the records still cannot be accounted. To prevent reoccurrence, the ROI…

Issue: Veteran A was given the discharge instructions that were intended for Veteran B. The discharge instructions contained Veteran B's name, full SSN and medical information. Update: 02/08/12:Due to full SSN and discharge instructions being exposed, Veteran B will be sent…

Outcome: Training was conducted on discharging Veterans and ensuring proper documents are provided to the Veteran.

Issue: A Non-VA Government Agency sent an unencrypted email containing a Veteran beneficiary's full name, full SSN, date of birth along with information about a legal issue involving Municipal Court to multiple email addresses to include VA Staff. A member of…

Outcome: The Information Security Officer (ISO) discussed in depth with the supervisor and facility management regarding "due care" and methods for ensuring encryption either between agencies or prior to reply or forward, to remove personally identifiable information (PII) or encrypt. The…