Phoenix VA Health Care System

Report ID: PSETS0000120363, U.S. Department of Veterans Affairs

Reported Entity: PHOENIX AZ - 644

Issue:

On 04/22/15 and 04/29/15, a research study staff member consented two patients to the study using a rescinded HIPAA authorization, and made disclosures for each of the two to a financial services company (Greenphire, LLC, King of Prussia, PA) assisting the VA's nonprofit research corporation with the study, which was not listed on the rescinded authorization. Greenphire's role in the study is to process study reimbursements to subjects through ClinCard debit cards rather than reimbursing the VA for agent cashier vouchers for non-VA-funded studies. Greenphire was added to the study's HIPAA authorization on 12/12/2014, at which point the old authorization dated 11/18/14 was rescinded. Because these two subjects signed the outdated 11/18/14 authorization, Greenphire was not listed as a recipient of disclosures. The disclosures to Greenphire, for each of the two patients was name, DOB, home address, study ID number, initial study visit date, and reimbursement amount to be paid for the first visit and the study ID number, visit dates, and reimbursement amount per visit for the next six study visits each. All data were entered electronically into Greenphire's secure website by the study team. The only apparent use of the information by Greenphire was to issue the subjects ClinCard debit cards and reimburse the subjects as intended. Both subjects have since completed their participation in the study. Preliminary investigation suggests the root cause was study team members stockpiling their own convenience copies of study documents rather than printing the current ones from the study files de novo when needed.

Outcome:

06/04/15: The Incident Resolution Service Team has determined that two Veterans will be sent a letter offering credit protection services.