VA Southwest Health Care Network (VISN 18)

Report ID: SPE000000076874, U.S. Department of Veterans Affairs

Reported Entity: VISN 18 El Paso, TX

Issue:

Veteran A reported and provided to facility Privacy Officer that he had received information on another Veteran "B" - which had been included with appointment notification letter mailed to his home address. He provided the original incorrectly mailed information to Privacy Officer, provided the envelope, and noted that he had received these lab results and other Veteran B appointment letter - all stuffed into the envelope mailed to him - approximately a week ago. Brought it in today to report the problem and get straightened out; expressed concern that he "would not want his information handled/mailed incorrectly like this." Veteran was thanked for reporting and for providing originals back to our facility and the process for correction, fact-finidng and reporting to Veteran B, whose privacy was breached was explained to Veteran A. Update: 06/19/12:Due to full SSN being disclosedVeteran B will be sent a letter offering credit protection services.

Outcome:

06/22/2012: Review of incident with responsible Interim Nurse Manager and Supervisor, Centralized Records Unit-Release of Information area revealed that CBOC was responsible for inappropriate inclusion of information on incorrect Veteran which was included in mailing of information to another Veteran. Privacy Officer and Alternate Privacy Officer traveled to remote CBOC to conduct overview and training regarding proper handling of information to be mailed to Veterans, HIPAA requirements, and walk-through of steps which led to this privacy breach. Determined per Interim Nurse Manager that combined printing onto a combined usage printer contributed to the privacy breach; Manager to determine additional corrective action as related to sorting, positioning, and routing of printing and provide additional documentation of corrective actions to address this issue. 07/02/2012: Corrective action/remediation as follows: Interim Nurse manager noted training provided by Privacy Officer and alternate Privacy Officer; also conducted and reinforced procedures put in place for CBOC medical, support, and administrative staff to assure appropriate handling, printing, and mail-out of Veteran information. Additionally, Interim Nurse manager reconfigured priorities and routing of CBOC printing of documents to a shared printer and has requested additional printers for providers so that medication reconciliation documentation would be able to be printed and reviewed with Veteran while in/during appointment - instead of queued, delayed print to common printer. Trial of administrative support staff to also include staff initialing envelopes prior to mail-out. Above corrective action effective for CBOC staff immediately with oversight/supervision of Interim Nurse Manager. 07/11/2012: Information and fact-finding updated and provided to Executive leadership. Reference CPM for Medication Reconciliation also provided with recommendation from Interim Nurse Manager and Privacy officer for additional desk-top printers to be available to CBOC providers. Ticket recommended for closure pending uploading of redacted letter offering credit monitoring to Veteran whose privacy was breached. Submitted: JWinstead, Privacy Officer EPVAHCS 07/11/2012 Note also that Medical Records/Release of Information (ROI) Supervisor has set up trial process for one member of her ROI Staff to work on CBOC requests, on-site at the CBOC on a once a week basis to determine if this will eliminate mishandling of PHI/PII by CBOC staff in future. Submitted: JWinstead, Privacy Officer EPVAHCS 07/11/2012: Final corrective action taken - redacted letter of credit monitoring offer for Director's signature, mail out to affected Veteran and uploaded to this site. Thank you letter to reporting Veteran to Director's Office for signature and mail-out.