VA New England Healthcare System (VISN 1)

Issue: Veteran A was given Veteran B's travel payment document. Veteran B reports that he has lost the document. The Privacy Officer is awaiting more information from the Clinic that reported this mishandling and unauthorized disclosure. Update: 04/27/12:Veteran B will be…

Outcome: All attempts were made to recover the document; document lost and not recovered. The supervisors were notified and the Veteran's provider was notified that the information was lost. Provider called veteran to report this and PO sent credit monitoring letter…

Issue: An employee in Compensation and Pension (C&P) sent two other Veterans' information to the wrong Veteran (Veteran A). The information mailed was a C&P Request for Veteran B and a Memorandum for Medical Opinion for Veteran C. The C&P Request…

Outcome: Employee required to retake HIPAA/Privacy Training.

Issue: A Veteran received a medication list for another Veteran attached to his medication list. It was immediately handed back to the clinic staff and placed in the locked shredder bin. Update: 04/26/12:One Veteran will be sent a letter of notification.…

Outcome: Individual was spoken to and was required to retake privacy training.

Issue: Veteran A's medication was mailed to the wrong address. The address in the system was accidently changed to Veteran' Bs address. The Privacy Officer (PO) called the person that received the medications in error and asked if they returned the…

Outcome: Education has been given to the employee to changed the address into the computer.

Issue: Veteran A complained that his ex-wife accessed his VA records and sent personal information to his provider. Update: 04/20/12:The ex-spouse works for Dental Service. The patient believes that his ex-spouse accessed mental health information and sent it to a VA…

Outcome: Employee re-completed HIPAA and Privacy Training along with VA Privacy and Information Security Awareness and Rules of Behavior. Employee also read VHA Handbook 1605.2, Minimum Necessary Standard for Protected Health Information. Employee's Supervisor and HR Chief notified of inappropriate access…

Issue: Patient A was given a wristband with Patient B's information on it. Patient A was admitted and had the same last four digits of the SSN as Patient B. Update: 04/16/12:Patient B will be sent a letter offering credit protection…

Outcome: This was reported to Patient Safety. The Patient Safety Supervisor is interviewing the two employees responsible for the breach. The wristband was retrieved and the credit monitoring letter was sent to the patient who had his information improperly disclosed. Privacy…

Issue: Physician gave 8 letters to admin person to mail, the employee not reviewing the documents thought it was only to be sent to the cover letter address, so she sent all letters to one Veteran. Update: 04/12/12:Seven Veterans will be…

Outcome: Employee was re-educated of safeguarding PHI and ensuring to double check all documents prior to mailing.

Issue: Veteran A requested a sensitive patient access report. The report was mistakenly run for Veteran B with the same last name and same middle name as Veteran A. Veteran A immediately returned report to Privacy Officer. Update: 04/10/12:Veteran B will…

Outcome: PO spoke with all staff involved and emphasized importance of verifying patient information before running report and before handing report to veteran. Staff all up to date on privacy training.…

Issue: Employee A filled out a Report of Contact alleging that Employee B inappropriately asked questions about Employee As brothers inpatient stay to both Employee A and then to Employee As co-workers. Employee As brother is veteran who went through S/A…

Outcome: Privacy violation findings sent to Supervisor and HR. Employee must retake Privacy and Information Security training at a minimum. HR to provide Supervisor guidance on any disciplinary action. Quarterly medical record access report review offered to Veteran. PO sent all…

Issue: Prosthetics Department hand carried a Veteran's shoes to cobbler for modifications. Included with the shoes was the Consultation/Order that included the Veteran's full name, date of birth, address, and full SSN. Cobbler returned shoes and consultation to VA and both…

Outcome: Processes reviewed with Prosthetics Manager. Veteran identification on all orders for shoe repair will be redacted. Only last name and last four of SSN will be included.…