VA Southwest Health Care Network (VISN 18)

Issue: A Veteran received an envelope stuffed with 7 other Veterans' medical information via mailed envelope to his home address. Upon receipt he noticed that 7 other Veterans' information included in the envelope, called the facility and spoke to the Post…

Outcome: 06/15/2011 Letters of notification prepared, mailed out to 7 Veterans whose information was inappropriately mailed to Veteran who reported incident. Appropriate explanation of mishandling, and facility corrective action noted in this letter. Redacted copy of NSOC notification letter uploaded to…

Issue: An EKG print out was found on a bench between two buildings. Someone's lunch was sitting on it to prevent it from blowing away. No one was around. The employee who saw the print out waited for someone to return…

Outcome: Provided leadership for all sections with remedial training for safeguarding patient information. They are to go back to their sections and provide guidance to their employees.…

Issue: Veteran A returned information that he had received via mailed envelope which contained the partial SSN, medical appointment and identification/address information on Veteran B as well as a copy of a blank BioPsychosocial form requesting to be filled out and…

Outcome: Update - fact finding as conducted by involved personnel within facility showed the following: New Chief for Clinical Service out on leave - delay in response until his return. Upon return and per conducting fact-finding with involved staff determination was…

Issue: The lab results which including full SSN, full name, DOB, and diagnosis for 5 Veterans were mailed to Veteran A with his lab results. He contacted the clinic and returned all documentation. Update: 04/26/11:Five (5) Veterans will be sent letters…

Outcome: Provided remedial privacy training for involved staff.

Issue: Veteran A reported and returned the copy of lab results that had been mistakenly included in his medical information which had been provided to him at the front desk of the Release of Information Section. Two pages of one lab…

Outcome: Update - Notification letter and offer of credit monitoring completed for mailing to Veteran whose information was inappropriately disclosed. Copy of letter uploaded to NSOC/SPE ticket; requesting ticket closure based upon remediation and corrective action as documented above. Corrective action…

Issue: Employee A requested an audit log report for access to her electronic VistA records. She identified two co-workers (Employees B and C) whom she does not think should have accessed her records under any given circumstance. She is requesting an…

Outcome: 07/11/2011 Update: Fact-finding conducted and results provided to Executive Leadership. Determination that lack of privacy/confidentiality safeguards in processing of Mental health sensitive diagnoses for Veteran-employee of facility Mental Health Service as related to fee-based consult referral process led to access…

Issue: At noon, the Privacy Officer (PO) read an email from the ISO describing that a clinic employee received interoffice email with a computer security requests for 7 employees. The PO called the ISO, the interoffice mail and Privacy envelope were…

Outcome: Education regarding appropriate interoffice mailing of PHI, PII and III with instruction provided by Supervisor to 2 departments. Mailroom staff discipline will be collectively assessed in conjunction with another VA NSOC ticket by Associate Director and Union. Re-assignment of this…

Issue: The Privacy Officer (PO) received packet of information from the Privacy Officer at Tuscaloosa, Alabama who had received the packet of information from Veteran A at her facility. Veteran A had received 9 pages of medical record information and a…

Outcome: 05/31/2011 Update: Review of documentation related to fact-finding for medical Records/Release of Information Section noted that incorrect documents mistakenly included in incorrect envelope. Staff received re-education and review of procedural steps to assure that correct labeling, verification and mail-out must…

Issue: The Service Automated Data Package Application Coordinator (ADPAC) reported findings several computer access form requests for work study individuals placed on the Service network drive. Those documents contained those work study individuals' SSN and DOB. The data could it been…

Outcome: Update: Per fact-finding and review of sequence of events leading to discovery of this folder, Chief, Supervisor of Business Office, and ADPAC for this service determined that 11 employee names were listed in folder which could be accessed by other…

Issue: A VA employee found part of a progress note (for Patient A) on the floor outside the canteen retail store. The progress note contained the patient's name, full SSN, date of birth and protected health information. Update: 04/13/11:Patient A will…

Outcome: Unable to determine how this event happened. It's possible that patient dropped the paper.