Phoenix VA Health Care System

Report ID: PSETS0000088742, U.S. Department of Veterans Affairs

Reported Entity: PHOENIX AZ - 644

Issue:

On 5/01/13, a physician from an Outpatient Clinic informed the Privacy Officer (PO) that Veteran A provided him with Veteran Bs documents, reportedly from Veteran As medical record. During the patient encounter, it was not clear if the scanned documents obtained were visible in MyHealtheVet or if Veteran A had picked up the documents from Release of Information (ROI). The physician reviewed and verified scanned images in his chart. There are five pages within a 31-page set that belonged to Veteran B instead of Veteran A. There is a cover page with partial SSN, full name, followed by two pages of an MRI report, duplicated (five pages total) containing MRI diagnostic findings, Veteran full name, DOB, home telephone number, account number from an non-VHA Radiology clinic. The documents were dated 05/10/11 and scanned into the medical record on 01/02/13. Initial review of Accounting of Disclosures shows that Veteran A picked up CPRS documents from ROI on 04/29/13 but not scanned images. Documents were scanned in error into the medical record, but unclear if MyHealthEVet is the source providing to Veteran A. MyHealthEVet is not known to show image capture via Blue Button nor did ROI software show disclosure of scanned documents to Veteran A. Scanning Department (HIMS) will be notified to remove images and perform quality review of both charts. Further notification and investigation, pending.

Outcome:

05/02/13: The documents contained Veteran B's name, date of birth, partial SSN and protected health information (PHI). Veteran B will receive a letter offering credit protection services. 05/29/13: This was determined to be HITECH reportable by VHA Privacy Office.

Related Reports:

3 other violations reported on the same date. Note that other citations may be about the same event: PSETS0000088732, PSETS0000088735, PSETS0000088762