Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VA Southwest Health Care Network (VISN 18)
Mentioned in a privacy incident report created by the U.S. Department of Veterans Affairs on May 26, 2011. Also cited in 228 other reports.
Report ID: SPE000000063023, U.S. Department of Veterans Affairs
Reported Entity: VISN 18 El Paso, TX
Issue:
Veteran A was inadvertently handed lab results which included lab results (including positive HIV lab results) on Veteran B. Veteran A had requested copy of lab results two days ago from Medical Records/Release of Information (ROI) Section and upon review earlier today of pages of lab results - realized that 5 of the 7 pages he had been handed by ROI staff were lab results on Veteran B. All 5 original pages on Veteran B, in their entirety, were directly returned to attending provider of Veteran A. Attending Provider spoke with patient, documented report of contact, had facility Privacy Officer speak with the Veteran, and physician provider turned all documents into facility Privacy Officer. Update: 05/27/11:Veteran B will receive a letter offering credit protection services.
Outcome:
Equifax letter of credit monitoring offer for Director's signature and FedEx mailing to Veteran. Additionally, thank you letter to Veteran who returned incorrect documentation to our facility also completed for mail-out. Recommend ticket closure based on corrective action/mitigation, and per uploading of notification-credit monitoring letters provided. Corrective actions as follows: Update per responsible Supervisor in Release of Information Section: Supervisor has spoken with responsible employee in reference to how to verify correct processing of releasing of records. Additionally, Supervisor has reinforced and mentioned to all of the ROI staff that were present on 31 May 2011 that they also need to double check documents that are taken off of the multi-use staff printer they use for ROI that all documents must be reviewed for correctness and consistency to match names/date of birth and specific request prior to release 3) It has also been noted that when pulling up patient information and sending to printer, national has provided an update/warning re: DSS-ROI and that there may be more than one name appearing. All are cautioned to double and triple check printed requests to verify correctness. 4) Supervisor (acting) observed how an ROI staff member dealt with patients and noticed that staff person actually counted each sheet and looked at the name on each sheet and also verified the name on every sheet. All staff re-educated to pay strict attention to the issuing of records to our patients. Submitted: JWinstead, Privacy Officer EPVAHCS