VA Mid South Healthcare Network (VISN 9)

Issue: The Privacy Officer was contacted by Chief, Pharmacy regarding the following:A Veteran contacted the pharmacy to report he did not receive his controlled medication in the mail. Upon inquiry, Pharmacy found the medication was delivered on August 18, 2012, but…

Outcome: 8/28/12 - Upon inquiry, the Pharmacy, Nashville Campus, found the medication was delivered to the Veteran's previous address on August 18, 2012 and signed for by an individual unknown to him. The Chief, Pharmacy ran a query on the Veteran's…

Issue: As a result of an Information Security Officer (ISO) audit of access, there were four confirmed incidents of misuse and/or inappropriate access of employees' records by employees. These have been reported to the respective Service Chiefs. Names, dates of birth…

Outcome: Service Chiefs of the respective employees have been notified and they have indicated that all access were in error and the employees have been trained on the correct procedures and information security policies concerning access to automated information.

Issue: A VA Employee Medical Photographer left his camera unattended on his desk with the door shut but unlocked. He returned 20 minutes later to find the camera missing. The camera contained six photographs of one Veteran which included the Veteran's…

Outcome: Facility photographer was spoken to about safeguarding his equipment with patient information on them. The police were notified and they are still looking for the equipment. Facility photographer was counseled about locking his door when he steps away from his…

Issue: Patient A was given a medication list that belonged to Patient B. The Privacy Officer (PO) is trying to confirm where the error was made but believes it was during a primary care appointment The medication list included Patient B's…

Outcome: Staff reminded to be cautious when handling documents with PII.

Issue: A patient created a medical power of attorney (MPOA) and named his sister as his representative. If she was "unable, unwilling or disqualified to serve", he named his adoptive son as his MPOA. A few days later, the adoptive son…

Outcome: Reminded staff to ensure proper authority exists before releasing PII/PHI.

Issue: The Privacy Officer (PO) at the Nashville Campus)was contacted by Veteran A regarding the following:Veteran A is followed at the Murfreesboro Campus. Today, Veteran A received test results in the mail from his Primary Care Provider. The information also included…

Outcome: 8/22/12 - Upon inquiry, the Privacy Officer found the primary care provider qued Veteran B's notification letter to print in the Business Office (Murfreesboro Campus) where it was manually folded by a clerk and inadvertently placed in an envelope being…

Issue: An employee found a document containing standing orders and a treatment plan for a patient. This document contained the name, address, full SSN and the Protected Health Information (PHI) of one patient. Update: 08/08/12:The patient will receive a letter offering…

Outcome: Staff reminded of the importance of securing documents with PII.

Issue: On 08/08/12, the Privacy Officer (PO) of the Nashville Campus, was contacted by the Secretary, Chief, Business Office of the Murfreesboro Campus, who stated a Volunteer was currently in her office and wanted to report a privacy complaint. The Privacy…

Outcome: 8/15/12 - PO found incident was due to a human error. The ROI clerk did not check the records for accuracy before mailing the documents. This is the clerk's first violation. Verbal counseling given by supervisor. CM letter mailed.…

Issue: A progress note was mailed to the wrong patient. When the request was reviewed, it was found that someone had entered Patient B's address on Patient A's request. It is believed (but not confirmed) that an employee was helping Patient…

Outcome: Staff reminded to be more cautious when handling documents with PII.

Issue: A Business Office employee found an inter-office HIPAA envelope on her desk addressed to her. Once she picked it up, she noticed that the envelope had already been opened. It is alleged the Business Office employee who receives mail for…

Outcome: CM Letter has been completed. Incident has already been referred to the Business Office for appropriate action to be taken against the employee involved. In addition, education will also be provided to the other clerks who handle mail in this…