VA Sunshine Healthcare Network (VISN 8)

Issue: VA employee found documents of a request for files for Veteran A in a bathroom close to the treatment area in Primary Care. The VA employee went to the Privacy Officer (PO), but she was not available, so the employee…

Outcome: A fact finding was performed by the one of the ISO's on November 7, 2011. I report was sent to the Director Office on January 25, 2012. A promotion code letter for the Veteran was requested on December 29, 2011.…

Issue: A program support clerk rpocessing a parking permit inappropriately disclosed Veteran A's personally identifiable information (PII) to Veteran B. The parking permit application form included Veteran A's full name, date of birth, and address. The routing slip to the provider…

Outcome: Credit Protection letter mailed to Veteran A. Further education and training provided by Privacy Office to employee who made the disclosure and information was communicated with supervisor who will provide counseling.…

Issue: Veteran A reported receiving the medical records belonging to Veteran B by mail. The medical records contain individually identifiable health information, including Veteran B's name, date of birth, full SSN and diagnosis. Veteran A will returned mis-mailed records to VA.…

Outcome: Service Chief reported he is unable to confirm how this inappropriate mailing occurred, who specifically made the error or even that the mailing originated from our Service. It is possible that the release could have originated from a clinical area…

Issue: A furniture turn in request (VA TI # 672-11-4-2222-0784) was submitted to the warehouse for turn in of furniture. On 10/26/11 the furniture was removed from the loading dock by the warehouse staff and taken to a local VA storage…

Outcome: PO states appropriate disciplinary actions should be given to the 6 employees for violations of VHA Privacy Policy CM No.00-11-15 according to the Sanctions Clause 5.0:A. Enforcement of a previous recommendation made by the Privacy Officer due to another breach,…

Issue: A Provider notified the Privacy Officer (PO) that she received a view alert. In an attempt to process it, she realized that it was her own medical record. The Provider then requested a Sensitive Patient Access Report (SPAR) and requested…

Outcome: One of the Medical Administrative employees was interviewed. The Supervisor and the Service Chief reported to the PO that the employee questioned stated that he must have accidentally exited a patient's record prematurely. He then entered a note requesting a…

Issue: Research foundation employee responsible for mailing checks from the research Foundation (non-profit organization) accidently mailed a check intended for Financial Services company to a Veteran. The checkstub of the check contained a list of 11 Foundation employees names and full…

Outcome: Education provided to staff regarding the mailing of sensitive information. Coordinated with bank representatives to no longer send social security numbers for identification of employees.…

Issue: UPS delivered a National Practitioner Data Bank Review package to a VA employee's home address. The package originated from the Quality Management (QM) Service. The address label had the correct recipient's name, but VA employee's home address. Two delivery attempts…

Outcome: The Risk Manager will confirm and re-verify the most current known address for all intended recipients of tort claim notifications effective immediately. Credit monitoring letter provided to Veteran.

Issue: Employee A accessed the CPRS Chart of Employee B (who is a Non-Veteran) one time. Also Employee B accessed the CPRS Chart and other VISTA screens of Employee A who is a Veteran on five (5) different occasions. The two…

Outcome: a. Employee A committed a privacy violation due to unauthorized access to Employee B record. Her privacy rights were violated according to Privacy Act (Title 5 USC 552a), and HIPAA Privacy Rule 45 CFR 164.530(c). Employee A also violated VHA…

Issue: Veteran A's appointment letters were mismailed to Veteran B which included the appointment date, full name, full address and the last four of the social security number. Veteran B returned the appointment letters. Update: 10/11/11:Veteran B will be sent a…

Outcome: Employee was educated by the Privacy Officer and the Supervisor to make sure that the appointment letters are checked carefully before mailing.

Issue: An Occupational Health provider sent, via CPRS, a Progress Note from an employee's visit to the employee's supervisor. It appears the nurse provider did this in an attempt to keep the employee's supervisor informed of the employee's situation, since she…

Outcome: Clinical staff reminded NOT to forward employee progress notes to supervisors unless directly related to Treatment, Payment , or Healthcare Operations.