Northwest Network (VISN 20)

Report ID: SPE000000080029, U.S. Department of Veterans Affairs

Reported Entity: VISN 20 Boise, ID

Issue:

A traumatic event occurred involving an employee who is also a Veteran. The knowledge of this event was spreading to other employees per workplace chatter in the hospital, at which time we began to monitor the access to this Veteran's chart. Several suspicious entries have been noted and are being investigated. One of the suspicious entries has been confirmed as inappropriate in which the medical chart was opened, the patient/employee's picture accessed, discussed and shown to others during work hours. Update: 09/14/12:It has been determined several people looked at the record for reasons other than work related tasks and some of the staff in the Lab claim they left the CPRS logged in to their account and stepped away from the computer for a length of time long enough for some other person to log in to the account for inappropriate reasons. I will change status to incident-failure to safeguard and unauthorized access. Since the purpose of the inappropriate accesses were to find out about the protected health information (PHI), the Veteran will receive a letter of notification

Outcome:

To prevent such incidents from happening again the Privacy Office has written a report of each employee's breach. The reports will go to the employee's supervisors and the Human Resource Department for further action. The Privacy Officer also provided education to the department Chief's and supervisors at the most recent Directors Staff Meeting highlighting this type of privacy breach and their responsibility to educate and monitor their employees. A letter was also written by the Privacy Officer to all staff and published in our internal employee newsletter the Boise Front educating staff of their responsibilities to only access patient information on a need to know bases for their job duties.