VA Western New York Healthcare System at Batavia

Issue: A Veteran discussed with the Privacy Officer (PO) a concern over his 7332 information being released to an outside provider. Upon review of the request it was noted that Release of Information (ROI) released in full (including 7332) to the…

Outcome: 02/04/14: Veteran A will be sent a notification letter.…

Issue: The mail room received a returned envelope from the US Postal Service. The window pane had last name, first name, full SSN and date of birth displayed. The envelope was un-opened.

Outcome: 02/03/14: One Veteran will be sent a letter offering credit protection services due to the disclosure of full name and SSN.…

Issue: Veteran A received a letter from Pharmacy with update to his medications. Attached was CPRS printout of medications for Veteran B. Veteran A returned original papers to Privacy Officer (PO).

Outcome: 01/16/14: Veteran B will receive a HIPAA letter of notification.…

Issue: In follow up to a call to patient advocate, Privacy Officer reviewed documents released to insurance company. Found that alternate had missed some 7332 covered information from chart while redacting it. Items had been faxed to insurance company pursuant to…

Outcome: 12/19/13: One Patient will be sent a notification letter.…

Issue: Employee provided to Union (SEIU) copies of notes from CPRS for 8 Veterans as part of his PIP union representation. These notes were not de-identified. SEIU then provided these to HR as part of their rebuttal. HR had put sealed…

Outcome: 12/18/13: The 8 Veterans will receive a letter offering credit protection services.…

Issue: A Veteran called to complain that his employer was sent a copy of his ER visit. The Veteran stated he had asked for a note that he was in the ER only but the employer received the records. In reviewing,…

Outcome: 12/04/13: The Veteran will receive HIPAA letter of notification.…

Issue: Veteran A brought a Release of Information (ROI) letter with his name and address but the form completed and attached was for Veteran B. The form was an application for a handicap parking permit and contained Veteran B's name and…

Outcome: Data not available.

Issue: A VA Western New York Physician took an unauthorized access action by viewing the sensitive electronic medical record of a different Western New York Physician.

Outcome: 09/16/13: Employee/Physician A will be sent a letter offering credit protection services.…

Issue: During ISO sensitive audit, it was determined that VA staff member inappropriately accessed a volunteer's record in VISTA to look up their home phone number so she could call him and check on him.

Outcome: 08/14/13: The volunteer will receive a general notification letter.…

Issue: During a Release of Information (ROI) audit it was noted that one clerk released 7332 protected info without proper/valid authorization to do so. The authorization was for treatment by a non-VA provider but did not address 7332 info. This was…

Outcome: 08/12/13: Veteran A will be sent a notification letter.…