VA Palo Alto Health Care System

Issue: An employee accessed his wife's (employee) electronic record to look up her SSN because he was filling in a form requiring her SSN and he was unable to get ahold of her.

Outcome: 04/09/15: The Incident Resolution Service Team has determined that there was a privacy violation. No data breach has occurred.…

Issue: An employee posted a Veteran's family picture on her personal Facebook wall with comment. The comment included the Veteran's first and last name and diagnosis. The Veteran did not give her an authorization.…

Outcome: 04/08/15: The Incident Resolution Service Team has determined that the Veteran will be sent a HIPAA notification letter due to Protected Health Information (PHI) being disclosed.…

Issue: An employee accessed another employee's (non-Veteran) electronic record. Demographic information was possibly viewed because the employee is not a Veteran and has no electronic health records.…

Outcome: 03/10/15: The Incident Resolution Service Team has determined that Veteran A will be sent a general notification letter.…

Issue: A letter and pre-filled Release of Information (ROI) Form 10-5345 containing Veteran A's full name, last 4 digits of the SSN, home address and office visit date was sent to two Veteran's switching their addresses.

Outcome: 03/06/15: The Incident Resolution Service Team has determined that Veteran A will be sent a notification letter.…

Issue: An employee requested a copy of Sensitive Access Report (SPAR) and 37 individuals from the list for us to investigate. After a thoroughly investigated 36 entries were justified. One individual was not able to provide a valid justification of accessing…

Outcome: 02/27/15: The Incident Resolution Service Team has determined that the employee will be sent a HIPAA notification letter due to Protected Health Information (PHI) being disclosed.…

Issue: Veteran A received Veteran B's lab results in the mail. The information on the test result sheet contained Veteran B's full name, address, and test results.…

Outcome: 12/31/14: The Incident Resolution Service Team has determined that Veteran B will be sent a HIPAA notification letter due to Protected Health Information (PHI) being disclosed.…

Issue: Veteran A received Veteran B's prescription. The package included medical instructions that contained Veteran B's full name and name of the medication.…

Outcome: 12/30/14: The Incident Resolution Service Team has determined that Veteran B will be sent a notification letter.…

Issue: An employee's backpack was stolen from his car parked near his residence. The backpack contained personal belongings, Personal Identity Verification (PIV) card, keys to his VA office and a caseload list containing 31 Veterans' last name and last 4 of…

Outcome: 11/13/14: The Incident Resolution Service Team has determined that there was a lost Personal Identity Verification (PIV) card. This is a policy violation and no data breach has occurred. Additionally, a notification letter will be sent to the 31 Veterans.…

Issue: Veteran A received Veteran B's prescription. The prescription contained Veteran B's full name and name of the medication.…

Outcome: 09/22/14: The Incident Resolution Service Team has determined that Veteran B will be sent a HIPAA notification letter due to Protected Health Information (PHI) being disclosed.…

Issue: A travel voucher was sent to the wrong patient. The voucher contained full name, full social security number, home address, and miles traveled.…

Outcome: 02/20/14: One patient will be sent a letter offering credit protection services due to full name and SSN being disclosed.…