VA NY/NJ Veterans Healthcare Network (VISN 3)

Issue: Employee A contacted a family member to inform him of Veteran B's current personal and medical condition. Employee A requested that the family member get copies of the local newspapers to read about a news story that was published involving…

Outcome: Employee was reassigned to another department. Employee was educated on the improper disclosure and penalties /sanctions imposed for direct violation of the Privacy Act.

Issue: Employee A placed employee B's W2 form in an interoffice envelope and placed the envelope in a public mailbox. Employee B did not receive the W2 form and has reported it missing. Update: 04/27/12:Employee B will be sent a letter…

Outcome: Employee was instructed to use Privacy/HIPAA envelopes as appropriate. Employee was instructed to contact end users to obtain consensus of how to deliver documents whether it be in person or via mail. Employee was instructed to review policy 04-02HV Earnings…

Issue: A VA Hudson Valley Employee sent VA Sensitive Information unencrypted from a VA Outlook account to a personal email account. The Hudson Valley Information Security Officer (ISO) and Privacy Officer (PO) are conducting fact finding and will update this ticket…

Outcome: The employee has been terminated from the Department of Veteran Affairs. The Laptop had been reviewed for any saved proprietary or sensitive information by the IG Investigator with negative findings. The employee was interviewed by the Hudson Valley Police Service…

Issue: Employee A requested a copy of the Sensitive log and discovered that Employee B accessed his record without permission. Update: 09/27/12:Employee A will be sent a HIPAA letter of notification.…

Outcome: Employee B was issued a disciplinary action for accessing a patient/employee record without authorization.

Issue: Privacy Officer from VA Regional Office in San Diego notified us that the wrong patient information was mailed out by one of our staff members. We are contacting the staff member to meet for a Fact Finding interview. Update: 04/11/12:Veteran…

Outcome: After our fact finding interview it was discovered that the wrong mailing label was placed on the package before it was sent out by our mail room. The staff was been re-trained to prevent this from happening again. We are…

Issue: Veteran A called in and reported that he had received a package addressed to him with Veteran B's information inside the package. In the telephone call, Veteran A provided Veteran B's full name and SSN, but no other details of…

Outcome: It was sent UPS to Veteran A's address to pick up package and have it delivered to Privacy Officer VARO San Diego. Upon receipt, Privacy Officer determined that disclosure occurred due to mismailing by VAMC NY Harbor. Privacy Officer at…

Issue: A supervisor in the Rural Health Department was concerned about her employee who had not come to work. She tried to contact him by phone. When the home phone number listed for him in his personnel folder yeilded no answer…

Outcome: The Veteran/employee was notified of the privacy violation on 3/6/12. The supervisor was educated about proper access to medical records and required to retake the Privacy and Information Security Training and sign the rules of behavior. HR was notified of…

Issue: A Veteran called and reported that he received a letter from VA and his full SSN was on the envelope.Update: Upon further investigation it was 73 Veterans whose information was on the outside of their envelopes. Update: 02/14/12:The Veteran will…

Outcome: Credit Protection Services have been offered and processes will be reviewed to ensure the mismailing of information does not reoccur.

Issue: A supervisor stated a binder containing their employees' performance appraisals was stolen from their locked office. It was reported that the employees' name, DOB and last 4 of SSN were on the documents. 16 employees perfomance appraisals were included. Update:…

Outcome: The temporary binder is now destroyed since the site visit it was needed for is over. After the first binder was taken another binder was created and locked in the cabinet. Next time the employee will keep it in a…

Issue: Employee A faxed a Lyme Disease form containing sensitive patient information to the wrong fax number. The party that received the fax contacted the facility to inform it of the error and faxed the form to the facility for proper…

Outcome: Privacy Officer will provide additional face to face training to Nursing employees that fax sensitive personal information. Employees requested to review facility's current Privacy and FOIA policy. Encouraged employees to add fax number of the Dutchess County Department of Health…