VA Mid South Healthcare Network (VISN 9)

Report ID: SPE000000060152, U.S. Department of Veterans Affairs

Reported Entity: VISN 09 Nashville, TN

Issue:

On March 22, 2011, Patient A contacted the Privacy Officer (PO), Health Resource Center (HRC), to report he received a billing statement for Patient B. The billing statement contained Patient B's address and name of medication but it was sent to Patient A's address. The VA facility listed on the statement is the Tennessee Valley Healthcare System (Nashville). Upon investigation, it was determined the statement was mailed on behalf of the Nashville VAMC by the vendor under contract to the VA Corporate Data Center Operations (CDCO), Austin, Texas but is based on the address in the Nashville VAMC's VISTA data base which is transmitted to the database in Austin. Patient A returned the statement, with the original envelope, to the HRC. On March 28, 2011, the Nashville PO reviewed Patient A and Patient B's VistA information and noted the same address is listed for both. The PO contacted Patient B, confirmed the correct address, and will ensure the address is corrected in VISTA. Update: 03/29/11: Patient B will be sent a notification letter.

Outcome:

4/15/11 - HIPAA Notification letter mailed to Veteran. Redacted copy emailed to VAIRCT. 4/18/11: The statement was mailed, on behalf of Nashville VAMC, by the vendor under contract to the VA Corporate Data Center Operations (Austin, Texas) but is based on the address listed in the Nashville VAMC\xe2\x80\x99s VISTA database which is transmitted to the database in Austin. PO reviewed the VISTA information for Patient A and Patient B and noted the same address was listed for both. PO contacted Patient B by phone to discuss the privacy concern. It was determined the incident was due to a human error as the wrong address had been inputed in the VISTA system for Patient B. The information has since been updated to reflect Patient B's correct address.