VA Southwest Health Care Network (VISN 18)

Issue: A provider self-reported that she had called Patient A about a medication refill and did not check the last four numbers of the social security number before continuing the conversation. As the provider was reviewing the medication list with the…

Outcome: Privacy Officer has reminded provider and service chief of the need to properly verify the identity of the patient before discussing PHI to prevent this from happening again.

Issue: An appointment reminder card containing Veteran's A full name, address, and appointment location, date, and time information was found discarded on the floor of the New Mexico VAHCS cafeteria on 6/7/2011. Update: 06/07/11:Veteran A will be sent a notification letter,…

Outcome: A patient disposed of her appointment card improperly and when a staff member saw it, it was retrieved & reported. Mailed letter to Veteran informing them of the inappropriately disposal of the appointment reminder card on 6/6/2011. Appointment reminder card…

Issue: An employee discovered a patient arm band in parking lot including a patient's full name & last four digits of their SSN. Update: 05/31/11:The patient will be sent a notification letter, due to full name and PHI exposed.…

Outcome: A notification letter was sent to the patient and the wrist band was retrieved and shredded on 6/1/2011.

Issue: VA employee published article consisting of case reports using clinical information that could lead to the identity of the patients violating disclosure of patients PHI. Update: 06/16/11:The article was published on the NIH Website and Pub Med. The director of…

Outcome: Nurse Pactioner no longer employeed at NAVAHCS but employeed at VA Texas Valley Coastal Bend Health Care System published an article without authorization involving four of our Veterans . Of the four case reports published two of the four could…

Issue: Veteran A was inadvertently handed lab results which included lab results (including positive HIV lab results) on Veteran B. Veteran A had requested copy of lab results two days ago from Medical Records/Release of Information (ROI) Section and upon review…

Outcome: Equifax letter of credit monitoring offer for Director's signature and FedEx mailing to Veteran. Additionally, thank you letter to Veteran who returned incorrect documentation to our facility also completed for mail-out. Recommend ticket closure based on corrective action/mitigation, and per…

Issue: Two labels with patients' names, full SSN, and DOB were left on EKG machines in two separate areas of the hospital. Update: 05/26/11:Veteran A and B will be sent a letter offering credit protection services.…

Outcome: Ward and diagnostics staff members have been retrained regarding the importance of taking labels with them when they complete an EKG. This information is being discussed at all staff meetings.…

Issue: Today, 5/12/2011, a Veteran reported to the Privacy Officer (PO) that another patients identity is in two of his progress notes. He noticed this when he received his medical records several weeks ago, has an appointment today. The PO's initial…

Outcome: Physician Supervisor spoke with physician about incident. She also met with other physicians in the service line to remind them to be extra attentive when copying and pasting patient information from endow reports and also into pathology letters. Review of…

Issue: On 05/06/11, a clerk in Prosthetics inadvertently handed the appointment listing for the day to a patient along with his own paperwork. The clerk was able to determine which patient had the paperwork (from the time he last saw the…

Outcome: Staff was provided remedial training and emphasis was placed on the proper securing of patient information.

Issue: The incorrect appointment letter was mailed to Veteran A. Veteran A contacted the clinic and returned the information. The letter he received had Veteran B's information on it, including medical appointment, full SSN, full name, address, and DOB. Update: 05/09/11:Veteran…

Outcome: Completed remedial privacy training for staff. Reiterated the need to be more careful when mailing information to patients by ensuring patient's names on printouts and envelopes match.…

Issue: A Release of Information (ROI) staff notified the Privacy Officer (PO) of a returned lab report by mail. Veteran A returned a two page lab report, mailed to him initially, for Veteran B. The document contained lab results, but no…

Outcome: Data recovery. No source of print or mailing identified. HIPAA notification letter and labs sent to patient today. "PO will monitor any event of this nature despite no prior reports. No source of this print job nor of mailing can…