This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.

Rocky Mountain Network (VISN 19)

VISN 19 Fort Harrison, MT

Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on December 9, 2011. Also cited in 133 other reports.


Report ID: SPE000000069530, U.S. Department of Veterans Affairs

Reported Entity: VISN 19 Fort Harrison, MT

Issue:

Date: 12/9/11 Issue: In CPRS, when staff want to add an additional signer to a Progress note, they must use their mouse to \xe2\x80\x9cRight click\xe2\x80\x9d on the note. This brings up a box with the names of all VA Montana staff. One name will be highlighted and then you must use the drop down box to select the person you want to sign the note. Number of veterans affected- 3ea PHI disclosed-- full name, full SSN, DOB and medical condition Was out of VA control-- no, sent via Vista Mailman and deleted for recipient. Problem: The source for the names seems to be the general VISTA access account. The drop down box lists ALL VA Montana staff who have VISTA access (which should be all staff so they can enter leave), and is not limited to staff who have been designated as having authorized access. Once the additional signer is indicated, that person gets a Vista Mailman alert that they must sign a note. THAT person can open the alert and access the patient\xe2\x80\x99s electronic chart. The person reporting this issue is a Facilities repairman\xe2\x80\x94NOT a clinical person and has NOT been granted access to CPRS, but he can access a patient\xe2\x80\x99s CPRS record via this Alert. CPRS programming issue -- REPEAT PROBLEM NOT RESOLVED-- PLEASE REVIEW. See REMEDY ticket # 63994 previously reported for same problem. The problem is being reviewed and addressed through the ISO\xe2\x80\x99s as well. Update: 12/12/11: Due to unauthorized individuals seeing medical information, three (3) Veterans will receive a letter offering credit protection services. This issue has been reported to VistA support services.

Outcome:

Education sent out to all VA staff that have access to the electronic medical record to use more caution when selecting a name as an addtional signer. Also PO is keeping track of alerts reported for follow up.

Do you believe your privacy has been violated? Here’s what you can do: