VA NY/NJ Veterans Healthcare Network (VISN 3)

Issue: An investigation of a terminated employee revealed that there was a breach of patient Personal Identifying Information. A review of Employee A's Outlook inbox revealed that Employee A forwarded an Excel workbook containing PII of (31) Veterans to Employee A's…

Outcome: Currently, there is a criminal investigation pending on this former employee. Notification letters have been sent to the patients that may have received the letters requesting reinstatement of the former employee.

Issue: A VA dietician printed IMed consent for Clinical Treatment/Procedure, which contained informaiton on Patient A. Patient B reviewed the form and signed on page 3, not realizing that the form did not contain his personal information. The form contained full…

Outcome: Dietician was informed that all IMed consents should be verified with the patient. Crossing-out is not allowed and/or acceptable. Requested that Dietician request new IMed consent from Patient A. Provided with training regarding respective responsibilities relative to safeguarding sensitive information.…

Issue: A Release of Information (ROI) clerk mailed Patient B's information to Patient A. The Privacy Officer (PO) is in the process of contacting Patient B to see if he received Patient A's records. Patient B's records contained his name, address,…

Outcome: All employees involve were issued a written counseling. They were educated on how to use the double check system that's in place.…

Issue: A Veteran seen in the Emergency Room (ER) upon discharge picked up 6 ER worksheets, one EKG report and one ambulance report of other patients. The Veteran mailed them back to the medical center. All of the worksheets had full…

Outcome: We discussed HIPAA and the importance of securing documents. And the Chief of ER is making procedural changes in ER. And additionaltraining will take place in the next staff meeting.…

Issue: Veteran A came in for scheduled appointment and was given papers about his appointment. When the Veteran completed his appointment he picked up a patient schedule form. The Veteran was called and the patient schedule form was returned. The patient…

Outcome: Employee was instructed to make certain that she gave to the Veteran those documents that belong to him. She is to ensure that the appointment list is notavailable for anyone to pickup, accidentally.…

Issue: Physician A inappropriately accessed Physician B's medical record. Physician B was not a patient and had not received treatment from Physician A at any time. Update: 03/28/11:The medical record included Physician B's name, full SSN, date of birth, and full…

Outcome: This investigation is completed and closed. The recommendation was disciplinary action. Physician A was counseled and will receive a suspension to be determined by Service Chief and Human Resources.

Issue: A VA Employee went into a Veteran A's medical record. Veteran A volunteers in the area. The Medical Center Director wants to provide Veteran A with credit monitoring. Veteran A is uncomfortable knowing that a VA Employee accessed his information.…

Outcome: The Service counseled the employee. The Director wants to provide this patient with credit monitoring even though this may be considered a lowrisk incident. This case was closed in August 2010. It was not entered into PVTS which was an…

Issue: A misdirected mail was sent to the wrong Veteran. The form was a 10-10EZR, Health Benefits Renewal Form. This includes the Veteran's name, SSN and date of birth. Update: 03/28/11:The Veteran will be sent an offer for credit protection services.…

Outcome: Staff was retrained to double check all addresses to to prevent misdirected mail.

Issue: Patient A called to inform us that he submitted a request for copies of progress notes and laboratory results. Patient A's request was processed by ROI clerk and submitted to the wrong address. Patient A and Patient B have the…

Outcome: ROI employee was reminded to read and apply DSS/ ROI software alerts. When the alert titled "mismatched address" appears employee must verify the information prior to processing. Employee was re-educated on the verification of name and address. Privacy education was…

Issue: A research article was published in the pharmacy journal. This article included the start and end date that the patient was on Methadone, the dosage and date of death. We were able to run a fileman in VISTA by using…

Outcome: All staff were retrained on what information can be included in an article. They were given all the fact sheets and handbook on what is considered de-identified data. They were also instructed that they must contact the privacy officer for…