VA Mid-Atlantic Health Care Network (VISN 6)

Issue: A VA provider mistakenly gave a copy of an appointment list that contained the names, full SSN's, and the reason for the appointment to a Veteran. The list had 10 Veterans' names. The Veteran noticed he had the list and…

Outcome: Notification letters mailed on 3/9/12, re-educated provider on safeguarding PHI.

Issue: Veteran A received laboratory results that belonged to two other veterans. Veteran B's and C's lab result and full name was disclosed. Update: 01/23/12:Veteran B and C will be sent a notification letter.…

Outcome: Training and Education conducted for the employees in the new CBOC facility in North Carolina. Employees will evaluate each letter and envelope before the letters are mailed to the veterans. Privacy Fact sheet on the Use and/or Access of Protected…

Issue: On 01/13/12, at approximately 4:30 PM, Doctor A noticed that his personal unencrypted MacBook Air laptop was missing from his office which was being gutted for new carpet placement. The laptop was last seen by Doctor B between 2:00 PM…

Outcome: The letters were uploaded to the portal and mailed on 02/01/12. The Doctor has been notified not to store sensitive information on his laptop. The ISO requested improved physical security for the area with either use of the existing locks…

Issue: An Environmental Management Service employee found 2 working copies of death certificates and a HINQ printed by a VA employee in a clinic housekeeping closet. Three Veterans were involved. Investigation in progress. Update: 01/10/12: The three Veteran's Next of Kin…

Outcome: Employee who misplaced paperwork was educated to the importance of protecting patient health information in his possession while in route to different portions of the medical center. He was encouraged to utilize a VA envelope to transport future paperwork.…

Issue: Physician printed out treatment plan information for one Veteran. The second Veteran's treatment plan information was on the printer at the time and was stapled to the first veteran's information. Information exposed was Veteran B's full SSN, name and medical…

Outcome: Education and Training given to the Providers who left the information on the printer and to the provider who did not carefully monitor the information picked up from the printer.

Issue: A Veteran's medical records were sent from the Winston Salem VBA Regional Office (RO) to the Salisbury VAMC by courier unprotected. The records were not in an envelope. The records were viewable to any individual who may have handled them.…

Outcome: The "Winston-Salem community based outpatient clinic" The VBA Regional Office sends records to the W-S CBOC because that is where most of the compensation and Physical examination for Veterans who are requesting service connection for a disability are performed. The…

Issue: A Release of Information (ROI) request for Veteran A was processed on CD-Rom. The CD contained the medical information for Veteran A and Veteran B. Update: 12/27/11:Veteran B will be sent a letter offering credit protection services due to full…

Outcome: Provided training and education to the appropriate employees.

Issue: Employee A observed Employee B receiving medical care and opened Employee B electronic chart to find out why Employee B was there. The chart contained Employee A name, full SSN, and protected health information. Update: 12/23/11:Employee B will recieve a…

Outcome: Employee to receive additional training by supervisor and appropriate administrative action by service chief.

Issue: Employee A's document was scanned into Employee B's electronic Personnel File. Employee B discovered the error and reported it. Update: 12/20/11:Employee A will be offered credit protection services as his full SSN and DoB was disclosed.…

Outcome: Credit monitoring letter issued. HR Leadership to address with staff and review necessity for accuracy.…

Issue: Veteran A was discharged to a non-VA nursing home on 12/16/2011. Relevant paperwork necessary for nursing home admission (medical progress note) was sent with the family of Veteran A as they transported him to the nursing home. Paperwork contained a…

Outcome: Provided education/training/awareness to employee who disclosed documents. Also, chief of the service plans to remind everyone of privacy standards at next staff meeting.…