VA Sunshine Healthcare Network (VISN 8)

Issue: A VA Provider mistakenly handed an envelope to a patient containing another patient's outside medical records. The outside medical records contained medical information and the individuals DOB, but did not contain the individual's social security number. The day after he…

Outcome: Training has been provided to staff at a staff meeting for privacy awareness during the handling of patient information. Person responsible for breach has retaken VHA Privacy course in TMS.…

Issue: The Privacy Officer (PO) was notified by mail that Veteran A erroneously received diagnostic test results for Veteran B. Veteran A mailed three pages of information back to the PO. The three pages contained Veteran B's name, address and lab…

Outcome: Notification letter mailed 11/30/11. The pages were retrieved and staff were re-educated…

Issue: The CIO found a claim folder with sensitive information from one Veteran and a list of other 27 Veterans with full SSN. Update: 11/28/11:All 28 Veterans will be offerred credit protection services.…

Outcome: Cannot identify the person who left unattended the documents. Provided oral education to the nurse whose information was also in the envelope.Promo codes have been requested for the 27 reservists.…

Issue: Veteran A came to facility to follow up on a previous concern. At this time, the Patient Advocate's office noticed the letter sent to Veteran A regarding this concern was mailed to the wrong address. The Privacy Officer (PO) is…

Outcome: A notification letter has been mailed to the affected Veteran. Additional training has been provided to the employee who inadvertently placed the wrong address on the letter.…

Issue: A VA employee in the Office of Worker's Compensation accidentally emailed Employee A's case summary sheet to Employee B, a staff nurse with the same first name as Employee A, both within the same building The case summary sheet was…

Outcome: Employee will re-sign Rules of Behavior. All other HR employees advised to double-check addressees before sending email.…

Issue: A VA employee admitted to inappropriately taking a patient's wallet and rather than return the wallet, stated she discarded into the red Medical Hazardous Waste bag. Update: 11/14/11:The employee has been charged with theft of the wallet by the VA…

Outcome: Open investigation pending administrative action and possible criminal actions. Service chief and facility management aware if incident.…

Issue: While conducting a patrol of the Primary Care Department area, a VA Police Officer discovered a telephone message with patient information left unattended in a provider's record bin. The message contained the patients full name, full SSN, telephone number and…

Outcome: All providers, nurses and the clerk in UCC retrained on Privacy and Information Security. Providers re-educated by their supervisor on the PHI policy and on leaving PHI information unsecured. New protocol implemented for the end of the day closing for…

Issue: A medical records technician mis-mailed Veteran A's medical records to Veteran B. The records included a medication list, lab results and progress notes. Veteran B returned the records to the facility upon discovery. Update: 11/07/11:Veteran A will be sent a…

Outcome: A credit protection letter was mailed to the affected Veteran. Education was provided to the employee who inappropriately disclosed the information. The employee was asked to retake Privacy & HIPAA training.…

Issue: Veteran/employee applying for medical retirement alleges VA mailed him another veteran's medical information. Update: 12/19/11:The information has been reviewed and nine other Veterans full SSNs were disclosed. All nine will be offered credit protection services.…

Outcome: The Assistant Service Chief reminded all staff to use caution when mailing items to employees. The employee responsible for this incident has relocated to another VA facility.…

Issue: A ripped Patient ID band was found in the facility parking lot by the Information Security Officer who secured it and gave it to the Privacy Officer. The ID band contained the patients' name, full SSN, and date of birth.…

Outcome: The Privacy Officer was unable to determine how the ID band ended up in parking lot. The patient was still on the unit at time. There was no date or unit on ID band. Clinical staff on all three possible…