VA Mid South Healthcare Network (VISN 9)

Report ID: SPE000000061863, U.S. Department of Veterans Affairs

Reported Entity: VISN 09 Nashville, TN

Issue:

An Employer of a Veteran, who was an active inpatient at the time, called the medical center to check on the Veteran. A Doctor (name unknown at the time), spoke with the Employer and began discussing medical information that should not have been communicated to the Employer. The Veteran did not authorize any communication with Employer. Update: 05/03/11:Veteran A will be sent a notification letter.

Outcome:

Privacy Complaint response letter signed by the Director was mailed to the Complainant on 6/22/11. A Memo from the Director has been sent to the Service Chiefs that had individuals involved with this incident which will require them to read the local policy concerning Inpatient Passwords and the procedures to follow when a call is received. These individuals will also be required to re-take the VHA Privacy Policy Web Training. The Chief Medical Officer will also remind all residents of the need to document in CPRS when they communicate with anyone concerning a patient outside the treatment team.The PO also contacted the Chief of MidSouth-Consolidated Patient Account Center, as the Supervisor who made this call to this VA, is also a VHA employee and should have been aware that she should not have called to inquire about this patient and it is felt she could have stopped this HIPAA violation from occurring when the Resident began to provide her medical information she knew she did not have a legal right too. They are following up with HR for any appropriate action needed, but at the minimum will re-take the VHA privacy Policy Web Training.

Related Reports:

2 other violations reported on the same date. Note that other citations may be about the same event: SPE000000061845, SPE000000061852