VA New England Healthcare System (VISN 1)

Issue: An employee printed an appointment list for Veteran A and gave the list to Veteran B. Veteran B called and reported that they cannot carry it back but have mailed the list back to the facility. Veteran B is concerned…

Outcome: PO received the report from the area supervisor along with the certificate that the employee recompleted Privacy and Information Awareness and ROB Training. Employee was counseled by the supervisor.…

Issue: Veteran A called to report that he received Veteran B's appointment information which included Veteran B's name and diagnosis information. The Privacy Officer (PO) sent Veteran A a postage paid return envelope to return the information. Update: 09/19/12:Veteran B will…

Outcome: VA Boston Privacy Officer contacted Radiology Service to make sure Veteran received pre-test procedure information, determine who the responsible employee was for the inappropriate disclosure, and provide guidance about verifying document before they are sent out to ensure that it…

Issue: Veteran A telephoned the Medical Records Department to report that he received information on Veteran B along with his own medical information. Veteran A reported to the employee on the telephone that he has mailed Veteran B's information back to…

Outcome: Responsible employee counseled by PO and required to re-complete Privacy and Information Security Training. This has been reported to the Chief of Labor Relations and supervisor for any further disciplinary action. Credit monitoring letter completed.…

Issue: On 09/05/12, the Pharmacy Chief provided the Privacy Officer (PO) an incident report that shows on 07/31/12 Veteran A received the prescription information of Veteran B. The report states that the medication was correct but the paperwork did not belong…

Outcome: Notification letter sent to Veteran, employee was spoken to and re educated on packing prescriptions.

Issue: A VA Employee Relations Specialist informed the Information Security Officer (ISO) that a VA employee had copies of two SF-2, Personnel Action Forms, belonging to another VA employee at his home. Update: 09/10/12:It is not known why the employee had…

Outcome: Police, OIG and HR investigating this incident. PO has mailed the credit monitoring letters to the impacted employee and spouse that is also an employee. The remainder of this incident is outside the purview of Privacy and has been elevated…

Issue: Human Resources employee scanned employment documents into the incorrect employees e-OPF. The documents contained the other employees name, address, date of birth and full SSN.. Update: 08/31/12:The other employee will receive a letter offering credit protection services.…

Outcome: Supervisor and HR notified. Employee responsible will be required to re-complete training. Credit monitoring letter mailed today.…

Issue: A Veteran was sent correspondence and a copy of the request for services to her address in an envelope that was unsealed. She brought the envelope and paperwork to the Privacy Officer. Update: 08/30/12:One Veteran will be sent a letter…

Outcome: The Supervisor of the employee was told and ask them to retake Privacy training and put a process in place to prevent this from happening again.

Issue: A Canteen worker found a vehicle decal request unattended in the staff dining room in the cafeteria and handed it to VA police. VA police queried the employee who was working with the forms. She stated that she was never…

Outcome: Supervisor investigating - referred to HR.

Issue: Veteran received an accounts receivable profile in a window envelope. name, address, date of birth, phone number and full social security number were visible. It was returned to the Privacy Officer by the veteran. Update: 08/21/12:Veteran A will be sent…

Outcome: Staff was made aware to check envelopes.

Issue: Va employee handed an evidence file to the employee being charged. The evidence file was not properly redacted. A VA Form 0724 with a list of 20 names of employees along with their last four was contained in the file…

Outcome: Responsible employee's supervisor notified. Employee counseled by PO and required to re complete Privacy and Security Training.…