VA Mid South Healthcare Network (VISN 9)

Report ID: SPE000000057979, U.S. Department of Veterans Affairs

Reported Entity: VISN 09 Nashville, TN

Issue:

An employee reported for work and noticed a document on the fax machine. When reviewing the document, it was determined it was a report from a private doctors offices concerning another employees work restrictions. The employee that found the document, place the document in an envelope and placed on the employees desk. The employee who the document was about reported this as a possible breach to her privacy. At this point we are trying to determine if this document was faxed by this employee's private doctor or if a VA employee faxed this document. Update: 02/07/11:Upon further investigation. A VA employee was faxing this document to an employee's Supervisor. The Supervisor did not receive initially and the document was re-faxed. The Supervisor did finally receive the fax, however, an employee working late, found the other copy on the fax machine and put the document in an envelope and placed on the employee's desk. Although the person finding the 2nd copy secured appropriately, she did not have a need to know the information. It is felt she was the only one that saw the document, as everyone else had already left for the day. Please apprise if any notification letters are required.02/10/11:The second fax should not have been sent without first determining what happened to the first fax. The employee will be offered credit protection services.

Outcome:

Staff involved with this incident have been informed to insure a secure fax is used in the future and also provided advice of scanning information and sending via PKI encrypted email to avoid the possibility of employee information being seen by other employees.Privacy Complaint results letter to complaintant and CM Letter mailed as well. Redacted CM letter emailed to VA IRCT email box.