Sierra Pacific Network (VISN 21)

Report ID: SPE000000069691, U.S. Department of Veterans Affairs

Reported Entity: VISN 21 Fresno, CA

Issue:

While State Investigators from a State Licensing Board were investigating a complaint against a Registered Nurse (RN) employed at this facility, they disclosed to the facility Privacy Officer (PO) that the complainant had included copies of the RN's employee medical records. There isn't any record of the medical records being released through Release of Information (ROI) so it appears that another VHA employee may have accessed the RN's electronic medical record, made copies and submitted them to the State Licensing Board with their complaint against the RN. The PO will initiate an investigation with the assistance of the Information Security Officer (ISO) to determine how the RN's medical records were accessed, copied and by whom. Update: 12/19/11:The unauthorized access has not been substantiated however a copy of the employee's employee health record was included with an anonymous complaint to the State Licensing Board. In August of 2010 there was an unauthorized access of this employee's medical record and the employee was offered credit protection services in October of 2010 (SPE000000053261). It is believed these two tickets may be related to the same incident.12/22/11:The Data Breach Core Team discussed the incident and determined that credit protection services should be offered. The employee will receive a letter offering credit protection services.

Outcome:

A Sensitive Patient Access Report is routinely reviewed by the ISO and PO to identify potential unauthorized access to medical records. An employee that was identified in SPE 000000053261 as having accessed this record was disciplined at that time, we have been unable to determine then and now who may have printed the medical records and mailed them anonymously to the State Licensing Board.