VA Mid South Healthcare Network (VISN 9)

Issue: Veteran Spouse brought an appointment letter back to the registration window which had been given to her husband with the wrong patient name and last four SSN. The appointment was entered on wrong Veteran. The letter had not left the…

Outcome: Employee responsible reminded of the need for caution when handling documents with PII & confirming patient ID.

Issue: Documents for (former) Employee A were scanned into the electronic personnel folder of Employee B. Employee B discovered the documents and reported them. They have been removed but it is unknown how long they may have been in the folder.…

Outcome: This did not happen at our facility; the scanning was done away from here. Nothing we can do locally to mitigate.…

Issue: On June 27, 2011, the BCMA Coordinator found a print out (dated June 25, 2011), of ID clinic patient appointments, in the trash can outside the ID clinic. The specific title of document is, "Team Patient Autolink/Team 5 Med." The…

Outcome: 7/13/11 - The attending physician and residents, which comprise Medical Team #5, have the ability to print this inpatient list. Medical Team #5 staff was interviewed but we were unable to determine who is responsible for placing the inpatient list…

Issue: A bottle of medication belonging to Patient A was included in a bag of Patient B's medications. The bottle of medication was returned to the Pharmacy. Patient A's name and type of medication was compromised. Update: 06/24/11:Patient A will receive…

Outcome: Staff reminded to use caution when handling documents with PII

Issue: A patient list dated 06/07/11 for a VA program was left in a conference room. The list contained the names and last four digits of the SSN for 16 patients. This conference room is used for a variety of purposes.…

Outcome: Staff reminded to safeguard documents with PII and, if possible not to ask for any portion of SSN

Issue: Patient A came in to receive 2 units of blood. When Patient A returned home, he realized that he had Patient B's armband on. He immediately called the facility to let them know and expressed concern that he may have…

Outcome: The MSA who placed the armband on the patient was just temporarily filling in for another employee. Employee was counseled with regard to placing the incorrect armband and making sure the check information before placing on patients. The employee has…

Issue: A VA physician employee stored patient information on his personal laptop. It may possibly have been stored for research purposes. At this time the Privacy Officer (PO) is unable to determine how many patients are involved. The PO secured the…

Outcome: We initially revoked access. A AIB was completed and we recovered all information. Employee gained access after completing Information Security and Privacy Training and passing a quiz given by ISO and PO.

Issue: The Patient Advocate (Nashville campus) contacted the Privacy Officer (PO) to report this incident. Veteran A received her medications in the mail. A medication label, belonging to Veteran B, was included in the package. The medication label contained Veteran B's…

Outcome: The PO investigated and found the incident was due to a human error. Prescription instruction papers print in a batch with no separators between patients. If the employee (who reviews the paperwork) does not carefully check each sheet, a single…

Issue: Someone left a consultation sheet in the public restroom. It was printed @ 1pm today and found @ 3pm so it could not have been unsecured for more than a couple of hours. Update: 05/19/11:One Veteran will receive a letter…

Outcome: Unable to identify individual who left document in restroom; email to all employees, reminding them to be cautious with PII/PHI.

Issue: A resident left his patient lists in the snack bar of the facility. The Privacy Officer (PO) saw him in the snack bar at 7:00 AM on her arrival. The Information Security Officer (ISO) found the paperwork just after 7:30…

Outcome: The PO reminded the resident that documents containing personally identifiable information (PII) and protected health information (PHI) must be safeguarded at all times.