VA Healthcare - VISN 4 (VISN 4)

Report ID: SPE000000071947, U.S. Department of Veterans Affairs

Reported Entity: VISN 04 Pittsburgh, PA

Issue:

VA employee suspects that another VA employee(s) may have accessed his computerized patient record system inappropriately. Update: An access log has been requested from the Information Security Officers. The results of the access log has been reviewed and compared with the appointment history. Interviews with 3 employees and 1 intern were conducted. The first employee stated she did access the VA employee's medical record on 5 separate occasions that were not in the function of her job duties. The second employee stated she probably accessed it in the performance of job duties concerning a recall list and there should be a progress note concerning this. There was not a progress note concerning this in the Veteran's record. With the assistance of OI&T, the Supervisor confirmed this Veteran would not have been on the recall list as stated by the employee. The third employee stated she did not access or remember accessing this Veteran's medical record but also stated she leaves her computer unlocked. The intern and her field instructor provided the intern's job assignment list in which the Veteran's name was on. The field instructor confirmed the accesses were in the function of assigned job duties. At this time it has been determined the Veteran's record has been inappropriately accessed 7 times by three employees. The user access of these three employees have been disabled. Therefore Employee A will receive a letter offering credit protection services.

Outcome:

The Privacy Officer and Information Security Officer will attend the Service Line staff meeting on March 7th and provide data security and privacy training to all staff.