VA Midwest Health Care Network (VISN 23)

Issue: Veteran A had an appointment with his medical provider. He left a pamphlet in the exam room. Folded inside the pamphlet were paper copies of his lab results. Veteran B had an appointment with the same medical provider. The nurse…

Outcome: The employee who sent the documents in error was advised that in the future, she needs to ensure the identity of the document owner rather than making the assumption that they belong to the last person in the exam room…

Issue: An outside agency reported receiving a fax from the VA facility regarding a prescription that was sent to them. The fax was sent to the incorrect fax machine number. The prescription and information pertaining to Veteran A included his full…

Outcome: Education provided to all staff by CBOC clinic Coordinator.

Issue: A Sensitive Patient Access Report was run on a Veteran who was a former employee who passed away. Employee names showed up on the report as potential unauthorizaed access to the medical records. The Privacy Officer (PO) investigated and asked…

Outcome: PO recommended action be taken. HR proposed 30 day suspension. Executive leadership removed proposed action and felt employee accessed record within her job duties.

Issue: A Sensitive Access monitor log reported a VA employee accessing a sensitive patient record. The Privacy Officer (PO) requested the employee to provide written justification for accessing the medical record. The employee indicated she accessed the record by mistake and…

Outcome: No violation found by privacy officer.

Issue: Veteran A reported receiving Veteran B's X-ray results in the mail with his own results. The note included Veteran B's full name and address along with the X-ray result information, The information was not returned to the VA but reported.…

Outcome: Awareness provided to volunteers by the Chief of Volunteer service.

Issue: Two employees inappropriately accessed Employee C's medical record. Update: 09/20/11:Employee C will be sent a letter offering credit protection services due to full name, full SSN being accessed inappropriately.…

Outcome: Evidence sent to HRMS for disciplinary action.

Issue: Veteran A received Veteran B's lab results with their lab results. Veteran A returned Veteran B's lab results to the VA. The letter included Veteran B's full name, address, diagnosis and lab information. No 38 USC 7332 information was involved…

Outcome: Retrieval of letter. Talked to volunteers who send out letters.

Issue: A insurance card buffer patient list was attached to a letter to another veteran. This list contained 10 individuals full names, and full SSNs Update: 09/13/11:Ten (10) Individuals will be sent letters offering credit protection services due to full name…

Outcome: Attached credit monitoring letter. Education/Training was given to staff.…

Issue: A Provider left a folder with her patients' information on the top of her car at home and drove off and it blew off the side of the street. Two individuals in the public noticed them as they drove by…

Outcome: Sent redacted letters for promo codes. Disciplinary action along with education was given to the provider along with a meeting with myself and clinical staff regarding prohibiting the practice of bringing physical patient information home.…

Issue: The Information Security Officers (ISO) were looking through the Sensitive Patient Access Report and came across an employee accessing a Veteran/employee's chart. The ISO gave the report to the Privacy Officer (PO). The PO will follow up with the employee…

Outcome: One day without pay suspension.