VA New England Healthcare System (VISN 1)

Issue: An Appointment list was dropped in the parkinglot by a VA employee. The ISO found and secured thelist and provided to the Privacy officer. Update: 07/17/12:Five (5) Veterans will be sent letters offering credit protection services due to full name…

Outcome: Awareness and education was provided to the Fellow responsible for this breach. The COS was involved with providing awareness to the Clinical Service line as to the importance of protecting Veteran infomation.

Issue: A list of three Veterans, that included full name, full SSN , and phone numbers was mailed to one of the Veterans on the list. Update: 07/11/12:Three Veterans will be sent letters offering credit protection services.…

Outcome: Employees retrained in privacy and made aware of their error and ramifications. Credit monitoring letters mailed to veterans.…

Issue: Veteran A handed the Privacy officer a letter that had a sensitive diagnosis checked off and a release form with the Veteran B's full name which Veteran A received in the mail in error. The envelope was made out to…

Outcome: Education was give to the Billing staff who sent the information to the wrong person in error. They were asked to retake the Privacy training.…

Issue: Veteran A received medical records from Manchester VAMC Fee Basis Department from Employee A. Veteran A also received Veteran B's medical records. The records contained the last 4 of the SSN, full name, medical diagnosis and treatment. Veteran A received…

Outcome: The employee has been educated on the importance of protecting patient information and has been asked to retake the Privacy Training.

Issue: Lab results including a Veteran's medications, name, address, SSN, and date of birth were mailed to the wrong Veteran (also a VA employee). The information was fully recovered and shredded. Update: 07/05/12:One Veteran will be sent a letter offering credit…

Outcome: Education on the need to protect PHI/PII has been completed with the staff involved.

Issue: The Privacy Officer (PO) received call from Employee reporting that a Veteran brought him a green log book with 13 names and SSNs to turn in. The log book was in a box located on top of a shredder bin…

Outcome: Employee produced training certificate, supervisor notified. Green log book destroyed properly. Notification letters mailed today.…

Issue: A Patient approached a Medical Support Assistant in regards to a computer on wheels (cow) cart left unattended in ward hallway. It was not locked and contained a patients full social security number and medical information. The employee then contacted…

Outcome: Staff was educated to prevent further incidents.

Issue: Veteran A reported that he had received test results of Veteran B. Veteran A returned the results to the VA the next day. Update: 06/18/12:Veteran B will be sent a notification letter. Veteran B's full name and test results were…

Outcome: PO ask physician to clearly indicate, using a post-it or another acceptable method, each Veteran's letter to be mailed. PO to provide training to clerks on safeguarding patient information on 7/12/2012, which will include verifying each document to ensure it…

Issue: On or about 0930 hrs on 05JUN2012 a call was placed to the MICU staff nurse in Building 1 of the VA BHS West Roxbury, MA. campus. The caller was the spouse of a Veteran located there. The caller asked…

Outcome: PO placed sensitive flag on Veteran's medical record. Notification letter sent. HR Labor Relations Chief and Supervisors will be notified when the employee is identified. The employee will be required to recomplete Privacy and Security Training and read the Minimum…

Issue: A VA Employee in Release of Information (ROI) gave Veteran A information to Veteran B. The information handed to the wrong patient was a CD from diagnostic imaging and radiology reports. The information contains the Veteran B's Full Name, SSN,…

Outcome: Employees required to retake HIPAA/Privacy Training