VA Mid-Atlantic Health Care Network (VISN 6)

Issue: It was reported on 11/07/11 by a Logistics employee that the vehicle of a KCI USA, Inc. representative was broken into on 09/08/11 and a mobile device containing VA sensitive information was stolen. Upon discovery of the theft, KCI USA,…

Outcome: Credit monitoring letters have been sent out to potentially affected individuals. This incident was the result of a purchase order that was not reviewed by the ISO or the Privacy Officer. Normal contracts are already reviewed by each sites ISO…

Issue: During his medical appointment, a Veteran picked up and asked to take a "Housing and Urban Development and the Department of Veterans Affairs Supported Housing (HUD-VASH) Handbook" with him. The provider allowed it since she thought the Handbook was for…

Outcome: Additional training was provided to staff in this specific workgroup (HUD-VASH). Since this workgroup is part of the Mental Health Service Line (MHSL), I also went to one of their staff meetings and conducted privacy training to the 30+ employees…

Issue: A Veteran called to report she received 3 other Veterans' test results in the mail. The documents included the Veterans' names, partial SSNs and test results. The Privacy Officer (PO) spoke with the Veteran and her daughter who stated they…

Outcome: Secretary who sent letters by mistake was counseled by supervisor and educated regarding the protection of Veteran privacy.

Issue: A VA Provider on the locked psychiatric unit reported he misplaced a binder with notes on Veterans. Repeated searches have not located the binder. Update: 10/28/11:The provider was taking notes on his patients so he could enter progress notes into…

Outcome: Employee has been counseled by Service Chief and reminded of properly safeguarding information.

Issue: On 10/17/11, a Work Without Compensation (WOC) employee/Research Assistant took nine (9) full names of Veterans, address, full social security number, and telephone number from the VA to Duke to recruit Veterans for a research study. The protocol called for…

Outcome: PO states the entire staff is to attend informational training session. Review Scopes of Practice with each staff member regarding what their duties are and clearly delineate what each staff member's responsibility is. PI is to put together a curriculum…

Issue: Veteran A received Veteran B's laboratory test results information by mail. Veteran A's wife is a VAMC employee who immediately secured the information until she could return it at work. The information disclosed was the name and lab results of…

Outcome: Staff re-training on policy and procedures.

Issue: Community Based Outpatient Clinic (CBOC) Administrative Officer (AO) received a call from a Avis Car Rental Manager in Conyers, GA saying that they received a fax containing a Veteran's personal information. He stated that he stopped the fax from printing…

Outcome: Employee failed to verify fax number. The number was taken directly from providers notes. Remedial training provided by supervisor.

Issue: Copies of Veteran A's CPRS record was mailed to Veteran B. Veteran B returned the information to local CBOC. Update: 10/19/11:Veteran A will be sent a letter offering credit protection services due to full SSN being disclosed.…

Outcome: Responsible employee has been counseled.

Issue: A Veteran received another Patient's information. The Privacy Officer (PO) sent a return envelope for the information to be returned to the VA. The letter apparently is a lab results letter, that contained full SSN, name, and medical information. The…

Outcome: The corrective action taken: Privacy Officer provided training to staff to ensure there is only one letter in each envelope mailed to the veteran. Privacy Officer will monitor on a monthly basis to maintain compliance.

Issue: Outpatient Veteran A received medication container with inpatient Veteran B's name and last four label on the top. Did not discover until he was home. Notified pharmacy and returned medication container and label on next visit. Update: 10/07/11:Veteran B will…

Outcome: Procedures reviewed with pharmacy staff to preclude repeats of this error.