Beckley VA Medical Center

Report ID: PSETS0000116164, U.S. Department of Veterans Affairs

Reported Entity: BECKLEY WV - 517

Issue:

On 03/03/15 at 9:16 AM, a VA LPN employee emailed the Information Security Officer (ISO) that she has reason to believe that another employee may have accessed her CPRS chart in an attempt to retrieve her address and/or phone number. This employee would have no legitimate reason to review her chart. On 03/03/15 at 9:25 AM, the ISO responded back via email to the LPN employee asking what time frame does she think this occurred? On 03/03/15 at 9:28 AM, the LPN employee responded via email to the ISO that it occurred within the last few days to the last month. On 03/03/15 at 9:35 AM, the ISO advised the LPN employee via email that he will check. If a violation has occurred ISO will forward this to the Privacy Officer (PO) for action. On 03/03/5 at 10:18 AM, the LPN employee asked the ISO via email if this is something she will be notified of? On 03/03/15 at 11:37 AM, the ISO ran the report and emailed the PO with the information that he ran the report from 02/01/15 to 03/03/15 and the person that the LPN employee suspected had accessed her CPRS chart, had done so on 03/02/15 at 9:01 AM. On 03/03/15, the PO emailed the LPN employee showing her the report that the ISO ran showing that the employee (name omitted) was in her CPRS chart on 03/02/15 at 9:01 AM. The PO attached a form for LPN employee to complete and provide to the PO. The PO advised that she would input a privacy ticket regarding this occurrence. The PO told her that we will discuss the process when she provides the PO with the signed attached form.

Outcome:

03/03/15: The Incident Resolution Service Team has determined that Veteran B will be sent a HIPAA notification letter due to Protected Health Information (PHI) being accessed without authorization.