VA Mid South Healthcare Network (VISN 9)

Report ID: SPE000000066272, U.S. Department of Veterans Affairs

Reported Entity: VISN 09 Nashville, TN

Issue:

In May 2011, a Veteran's son requested copies of his father's medical records (from 1996 to 2004) through Release of Information (ROI). The Veteran and son have the same name. The request was completed in May. In August 2011, ROI received a call from the son's mother who inquired about the status of the records request. The request was retrieved from the file room, reviewed, and determined to be non-compliant as there was no documentation of a personal representative. Upon further review by the ROI manager, it was noted the Veteran expired in 2005 and the medical information was sent to the Veteran's home address. It is believed the medical records were accidentally sent to the Veteran's home address as if it was the Veteran (and not the son) who requested the information. ROI sent a letter to the son with an explanation as to what information is needed to process his request. The Veteran\xe2\x80\x99s personally identifiable information (PII) that was disclosed included all medical records from 1996 to 2004 to include Compensated Work Therapy (CWT), HIV testing and alcohol dependence. Update: 08/31/11: Due to the Veteran being deceased, the Next of Kin will receive a NOK notification letter.

Outcome:

9/2/11 - NOK HIPAA notification letter mailed. The Privacy Officer investigated this incident and found it was caused by human error. The employee involved had been temporarily detailed to ROI to assist during a staffing shortage and was not fully educated on the process to check for accuracy of records before mailing. Since this incident, the ROI Manager software program has been updated to include a death entry flag, which will alert staff when a deceased Veteran\xe2\x80\x99s records are being requested. ROI staffing has increased and the employee involved is no longer detailed to ROI.