VA Southwest Health Care Network (VISN 18)

Issue: An Office of Civil Rights (OCR) complaint was submitted by a former employee/patient of NMVAHCS regarding unauthorized and inappropriate access to medical records. The former employee alleged that a former coworker accessed his medical record without a need and used…

Outcome: Service Chief, ISO, and office of the facility director has been notified. The Service Chief of the violating employee is currently consulting with HR regarding sanction options available and more training.…

Issue: On 07/25/11, a charge nurse reported a missing audiotape and a handheld recording unit used for nursing shift report on 07/22/11. The missing recorder was last seen 07/22/11 at 8:30 PM in the nursing report room. Day shift reports the…

Outcome: Nursing to implement storage of recorder in locked med room immediately with staff education. Further security issues were addressed by nursing protocols for hand-offs for this device. HIPAA Notification letters signed by Director and sent to Veterans.

Issue: Veteran /Employee reported manager of a service line that a spouse worked under accessed information in an electronic form . Update: 09/19/11:The service line Manager accessed the information of an employee working in their department. That employee was the spouse…

Outcome: Suggested made to Manager/HR action to be taken and education on inappropriate access of Veteran/Employee records .…

Issue: A large envelope containing a printed copy of a patient medical record was found outside the door of the Privacy Officer in a public hallway. The envelope was not labeled and had no note but was taped shut. Update: 07/19/11:The…

Outcome: 08/30/2011 Update to ticket: 07/19/2011: Immediate corrective action was taken by Interim Supervisor for Centralized Records Unit-Release of Information Section - so that re-training and emphasis provided to responsible staff regarding unsecured PHI and responsibilities of all employees to assure…

Issue: Labels for 3 veterans were left on EKG machines on three separate patient wards. An employee doing a self-inspection found the labels and turned them in to me. Update: 07/20/11:Three (3) Veterans will be sent letters offering credit protection services,…

Outcome: Letter were sent to the Veterans affected by this incident and additional staff training was implemented. Also, supervisors will begin conducting walk-around in the morning to ensure labels are not left on machines.…

Issue: Veteran A was given an appointment sheet that belonged to Veteran B. This sheet contained Veteran B's name, full SSN, DOB, diagnosis and contact information. Veteran A is returning it to the Privacy Officer on 07/08/11. Update: 07/08/11:Veteran B will…

Outcome: A letter was sent to the Veteran and additional staff training was implemented.

Issue: Today, a Veteran employee provided the Privacy Officer with a written complaint that 3 fellow employees in her service accessed her medical record without authorization. A sensitive patient access report (SPAR) had been provided to employee previously. Appropriate investigation and…

Outcome: Investigation completed; reviewed findings with supervisors and Director. All staff investigated re-educated. Letter from Director mailed today to complainant. 10/13/2011 Further disciplinary action has been determined by the supervisor, to be appropriate. Disciplinary actions pending. Responded to complainant with VISN…

Issue: Veteran A reports that she received a letter and check from the VA travel department that belonged to Veteran B. She returned the information. The information contained full SSN, full name, and address. Update: 06/23/11:Veteran B will be sent a…

Outcome: Chief of benefits section notified and will remind staff to check addresses carefully to assure proper mailing.

Issue: Employee reports that her supervisor has accessed her medical record. Update: 06/28/11:The supervisor accessed the employee's medical record without a need to know. The employee will be sent a letter of notification.…

Outcome: Supervisor was counseled by the Service Chief that he does not have the right to access his employee's records.

Issue: COTR requested SPAR after experiencing identity theft issues, unrelated to employment. After SPAR was provided, COTR initiated privacy complaint to PO. Allegation of inappropriate access to his CPRS chart by a subcontractor. HealthNet's subcontracted provider accessed COTR's chart in CPRS…

Outcome: Contractor provided additional privacy education and information to the provider. Credit monitoring offer to COTR.