VA Mid South Healthcare Network (VISN 9)

Issue: A Medical Services Assistant (MSA) accessed the records of her co-worker inappropriately. The co-worker asked for a security audit log to find out if the MSA did indeed access the records inappropriately. An interview with the MSA is scheduled for…

Outcome: Employee admitted to accessing the records of co-worker. Stated they felt it necessary due to co-workers injury would have something to do with work load. I explained to employee that is not considered in the performance of their duties. In…

Issue: Two Veterans called and spoke with the Privacy Officer alleging that a VA employee is accessing and sharing their medical information with outside individuals who have no need to know. On Monday (8/8/2011, a guy called and reported to the…

Outcome: The VA employee who was investigated provided excuse that as a VA employee, she has right to log into CPRS\VistA to look up and provide information to patients. She insisted the complainant called to ask her to verify his upcoming…

Issue: A Veteran reported that he received 4 patients' information in the mail in addition to his lab report. The information contained the 4 patients' names, full SSNs, addresses, phone numbers, and protected health information (PHI). It was outside of VA…

Outcome: Unable to determine the employee that sent this paperwork. Provided privacy training to all employees in this service area.…

Issue: A Veteran/employee requested from the Privacy Officer (PO), a Sensitive Access Report (SAR) to determine accesses to her record. Upon review of the SAR the Veteran/Employee noticed another employee within the same Service had accessed her CPRS records, twice on…

Outcome: After PO investigation, it was confirmed one access to this record was considered inappropriate. CM Letter has been prepared and a redacted copy is attached. Privacy complaint letter was also sent to complainant. Disciplinary action was taken against the employee…

Issue: A notification letter for an appointment for Patient A was sent to Patient B. The letter contained the name, last four digits of the SSN and address of Patient A, as well as his appointment information. Patient B notified the…

Outcome: Staff was reminded to use caution when handling documents with personally identifiable information (PII). The PO was unable to retrieve the letter.…

Issue: The mailroom placed Patient A's mailing label on the bag of prescriptions that should have gone to Patient B. The two patients have the same name (except middle initial). Update: 08/08/11:Patient B will be sent a notification letter.…

Outcome: Staff reminded to ensure proper identity of patient before mailing.

Issue: A pharmacy resident accidentally gave a clinic appointment listing to a patient. This listing had the names, full SSNs and diagnoses of two other patients. When the resident discovered the error, he actually went to the patient's home and retrieved…

Outcome: Employee reminded to be cautious when handling documents with PII.

Issue: Patient A received 3 Fee Basis letter for another veteran. Update: 08/10/11: Due to medical information being exposed, Veteran B will be sent a notification letter.…

Outcome: Unable to determine employee that double stuffed envelope. Increased employee awareness by creating a screensaver.…

Issue: Patient A received a label intended for Patient B. The label had Patient B's name, address and medication name as well as information (dosage, use, etc) regarding the medication. Update: 08/08/11:Patient B will receive a letter of notification.…

Outcome: Staff reminded to use caution when handling documents with PII.

Issue: On 07/13/11, the Privacy Officer (PO) at the Nashville campus received a written request from a Veteran/Employee for a Sensitive Access Report (SAR). SAR was provided to the Veteran/Employee. On 07/14/11, the Veteran/Employee reported two employees (his supervisor and a…

Outcome: 8/24/11 - Through PO investigation, it was determined the two employees' accession of CPRS records was inappropriate. Both employees will receive a formal counseling which will be included in their six (6) part folder. CM letter mailed.…