VA Sunshine Healthcare Network (VISN 8)

Report ID: SPE000000078108, U.S. Department of Veterans Affairs

Reported Entity: VISN 08 San Juan, PR

Issue:

Phlebotomist kept 6 labels pertaining 1 Veteran on her robe and when exiting the hospital the labels slipped without her noticing it. The next morning, her supervisor found them lying on the parking lot near the guard. When questioned by the supervisor the phlebotomist confirmed that she lost them the day before. The labels contained the Veteran's name and full SSN. Update: 07/20/12:The Veteran will receive a letter offering credit protection services.

Outcome:

Based on the information gathered we conclude the following:a. Employee did not informed on time the privacy incident to the Privacy Officer or her supervisor. b. Employee lost the labels with no intention because did not follow the correct procedure of disposal protected health information (PHI). c. The protected health information (PHI) of Veteran was disposed incorrectly, violating his privacy rights and the Privacy Act (Title 5 USC 552a), Title 38 USC 5701, HIPAA Privacy Rule.d. All VACHS employees are required to safeguard documents containing personal identifiable information (PII) and protected health information (PHI) as stated in Privacy Policy CM No. 00-11-15 Responsibility Clause IV.L.(2&3) and Reasonable Safeguard Clause 4.0(d) on Attachment B. Therefore, evidence shows that Employee also violated this policy.Recommendationsa. VA NSOC has determined that a credit monitoring letter must be sent to Veteran to protect him for the privacy violation of his full name and full SSN and other HIPAA identifiers.b. Appropriate corrective actions should be given to Employee for violations of VHA Privacy Policy CM No. 00-11-15 according to the Sanctions Clause 5.0

Related Reports:

1 other violation reported on the same date. Note that other citations may be about the same event: SPE000000078103