VA Healthcare System (VISN 10)

Report ID: SPE000000072159, U.S. Department of Veterans Affairs

Reported Entity: VISN 10 Cleveland, OH

Issue:

A VA patient stated that a Community Based Outpatient Clinic (CBOC) employee disclosed personal information (SSN, medical information, child support, etc) to his ex-spouse. The patient states he is dating the VA employee's ex-spouse. There are non-privacy related issues that exists also, such as showing up at residence of the patient. This is being handled by Senior Management. For now, we have temporarily suspended the employee network account until we can extract a roster reflecting access. The patient's record was also flagged. . Update: 03/05/12:The Privacy Officer (PO) met with the employee and reviewed access and performed a fact finding interview with union. He is awaiting additional documentation from the patient, who was supposed to provide the information on 03/01/12, but never did. The PO will also call the ex-spouse to gather additional information.03/06/12:The PO contacted Human Resources (HR) and VA Police. The patient did not submit any additional documents. 03/12/12:Of the three allegations, only 1 has been validated and that involves access to the patient's medical record on 06/03/11. The other two allegations are being dismissed. The patient was notified and understands. A copy of the supporting documentation was sent to the Supervisor for appropriate corrective action on 03/12/12.

Outcome:

Employee placed on AA until HR completes their portion. A copy of the supporting documentation was sent to the Supervisor for appropriate personnel action. Employee's access to the network was terminated on 2-27-12. Credit Monitoring mailed on 3-16-12. Redacted copy uploaded to ticket.