VA Southwest Health Care Network (VISN 18)

Report ID: SPE000000073203, U.S. Department of Veterans Affairs

Reported Entity: VISN 18 Phoenix, AZ

Issue:

On 03/21/12, a Veteran called the Supervisor who called the Privacy Officer (PO) to contact the Veteran regarding a HIPAA complaint. The Veteran indicates his appointment sheet at a Community Based Outpatient Clinic (CBOC) was provided to another Veteran's niece. She contacted him last evening, after their respective appointments. They met at the clinic today to recover the Veteran's information. They discussed this with the clinic staff. The Veteran will send the PO a copy of his print out to review the data fields exposed. The PO discussed the conversation that staff had with Veteran with the supervisor. The Supervisor will find out the neice's identity for PO letter to her and that of staff involved. An inservice by the PO with staff will be scheduled. Further notification and investigation to ensue. Update: 04/02/12:The PO called the Veteran for his neice's identity and she answered his phone as his caretaker. She was very happy to receive the call thanking her for her recovery efforts. She confirmed her actions The PO asked the department for an example of recovery document and their root cause analysis. Inservice by PO to be scheduled. The department Chief is on leave.04/09/12:An alternate Administrative Officer was able to provide an example of the exposed documents. Thess include "This is your next step of Care" and "The Med Form". The data fields exposed contained: full last name, full first name, last 4 of SSN , upcoming appointments, Veteran home address, home phone number, DOB, medications, drugs and diagnosis per drug. The Veteran will receive a letter offering credit protection services.

Outcome:

Alternate AOD has conducted an in-service with the MSAs regarding this event. Counseled individual responsible.