VA Mid South Healthcare Network (VISN 9)

Issue: A VA RN accessed the records of her husband. The information was accessed through VISTA Web in New Hampshire. The New Hampshire Privacy Officer (PO) contacted me after an audit of records was done. Update: 03/18/14:It is not known why…

Outcome: Spoke with employee and she stated that she was new to VA and did not realize that she could not do this as she is his caregiver. I explained the policies and procedures with her and indicated that she could…

Issue: Patient A received Patient B's lab results. Information on the lab results contained PHI, Full Name, Full Address, Last four of SSN. This was outside of VA control for more than 72 hours. Update: 03/12/13:Patient B will be sent a…

Outcome: Re-educated staff on proper mailing of PHI.

Issue: Employee accessed Veteran/Employees electronic medical record without authorization. Information contained in the record was FULL SSN, Full Name, Home Address, PHI and home phone number Update: 03/08/13:The employee will be sent a HIPAA notification letter.…

Outcome: Recommended employee retake privacy training and disciplinary action.

Issue: The Secretary of the Surgical Service requested that a security log be run to determine if anyone had accessed her records. It was determined that there are two employees who have accessed these records. The employees will be questioned by…

Outcome: I interviewed the employee, who is very familiar with privacy policies and regulations as this is the 4th time in my office for privacy violations. I explained to the employee once again the regulations and policies surrounding inappropriate access to…

Issue: Veteran A received Veteran B's appointment letter. Veteran A returned the letter. Information on the letter contained Veteran B's full name, address and last four digits of the SSN. It was outside of VA Control for longer than 72 hours.…

Outcome: Re-educated staff about proper mailing of PHI.

Issue: Veteran A received Veteran B's payment Letter. Veteran A has been asked to return the letter. Information contained Veteran B's full name, last four digits of the SSN, home address, diagnosis/payments. This was outside of VA Control for more than…

Outcome: Re-educated staff about properly mailing PHI.

Issue: VA Patient A received a medication list written for Patient B. Patient A did not realize that he received the wrong medication list until he called the VAMC Tele-care Pharmacy line to inquire about his most recent medication prescribed by…

Outcome: Privacy Officer and Supervisor who manages the Program Support Assistants at the Specialty Clinic where the incident happened met with staff and educated them to be diligent and use effective identification process to identify the right patient before checking them…

Issue: Veteran called stating that he came into Release of Information Office to get a copy of his records. He stated that when he returned home and starting looking at the records, he realized these were someone elses records. Update: 03/01/13:The…

Outcome: Alerted Section Chief of this incident. She has taken care of speaking with employee with regard to the importance of checking information before place in an envelope.…

Issue: A VA Patient was discharged by a nurse at GI Lab for outpatient procedure, and was inadvertently given the wrong medical records which had another patient's personally identifiable information (PII). When the patient left the hospital he realized that he…

Outcome: During the fact-finding process, two VA staff accepted full responsibility for the incident, but explained that it happened by accident. A staff from the GI Lab entered patient data incorrectly into Endoworks system during pre-procedure session which subsequently rolled over…

Issue: Veteran A received Veteran B's prescription mixed in with his discharge paperwork. The information contained Patient B's full SSN, Full Name, and date of birth. It was outside of VA control for more than 72 hours. Update: 02/22/13:Veteran B will…

Outcome: Re-educated staff on proper handling of PHI.