VA Roseburg Healthcare System

Issue: A provider accessed the records of Veterans without a need to know.

Outcome: 04/28/15: The Incident Resolution Service Team has determined that there was a privacy violation but no breach has occurred.…

Issue: An employee who is the ex-spouse of a Veteran/employee has accessed the Veteran employee's Veteran medical record on several occasions in the last year. We do not know whether the access was in the performance of the employee's duties at…

Outcome: 03/16/15: PO update - The Privacy Officer (PO) has reviewed the record and found that he will need to conduct a fact finding. The PO will be contacting the Supervisor on 3/16/15 to schedule. 3/25/15: A fact finding interview was…

Issue: A list of Veteran' attending a group training session was included in an information packet and given to one of the Veterans attending the training.

Outcome: 01/20/15: The Incident Resolution Service Team has determined that seven Veterans will be sent letters offering credit protection services, as their full SSNs were disclosed.…

Issue: The medication list of a Veteran was mis-faxed to a private party. The individual who received the information informed VA of the error and sent the records back.…

Outcome: 12/23/14: The Incident Resolution Service Team has determined that one Veteran will be sent a letter offering credit protection services.…

Issue: An employee submitted a complaint to a Congressional Office that included a copy of an incident report. The report contained the first and last name and the last four of the SSN of a Veteran.…

Outcome: 10/28/14: The Incident Resolution Service Team has determined that there was a policy violation. While there was an unauthorized access/disclosure of data, it has been determined that the incident has a low probability of a risk of compromise.…

Issue: An employee was cleaning his office and put two boxes of miscellaneous documents in the hallway. VA Police found the boxes and notified the Privacy Officer (PO). The boxes were in the hallway for approximately one and a half hours…

Outcome: 10/02/14: There are no cameras in the area. The employee was cleaning out her office in preparation for separation from the facility. Staff has been told on several occasions that there is no recycling at the facility and all paperwork…

Issue: A travel payment denial letter was send to the wrong Veteran.

Outcome: 09/15/14: The Incident Resolution Service Team has determined that Veteran B will be sent a general notification letter.…

Issue: A specimen cup and letter for Veteran A was sent to Veteran B. Veteran B called to inform the facility of the incident and stated he/she would bring the items with him/herself to his/her next appointment taking place on 7/9/14…

Outcome: 07/06/14: The Incident Resolution Service Team has determined that Veteran B will be sent a HIPAA notification letter due to Protected Health Information (PHI) being disclosed.…

Issue: Medical records for the wrong Veteran were sent to a life insurance company

Outcome: 04/10/14: The Incident Resolution Team has determined that the Veteran will be sent a HIPAA notification letter due to Protected Health Information (PHI) being disclosed.…

Issue: A medication list for Veteran A was sent home with Veteran B. Veteran A's name, full SSN, date of birth and medication information were compromised.

Outcome: 03/31/14: The Incident Resolution Team has determined that Veteran A will be sent a letter offering credit protection services due to the full SSN being compromised.…