Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
LOMA LINDA UNIVERSITY MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on June 5, 2014. Also cited in 44 other reports.
Report ID: 0J9N11, California Department of Public Health
Reported Entity: LOMA LINDA UNIVERSITY MEDICAL CENTER
Issue:
Based on the interview and record review, the facility failed to maintain privacy and confidentiality for one patient (Patient A), when a staff member gave Patient A ' s protected health information (PHI) to Patient B, without authorization.Findings:On June 3, 2014, a review of the facility ' s entity reported incident of a staff (Employee) member who gave Patient A ' s PHI without authorization to Patient B upon discharge was received. The report indicated Patient B promptly notified the facility regarding Patient A ' s documents that were given to Patient B in error. These included a face sheet which contained Patient A's demographics, laboratory test request and patient diagnosis.During an interview with the facility compliance officer (FCO) on June 4, 2014 at 12:25 PM, he stated, Patient B, called the call center of the facility and the sector manager reported the call regarding the disclosure to the FCO. FCO also stated the following PHI were disclosed, " Patient 's name, medical record number, date of birth, gender, phone number, address, name of the insurance provider, group number of the insurance and treatment order. "A review of the facility ' s policy and procedure titled " Patients ' Rights: Protection of Patients Privacy " dated, May, 2013, indicated under the section General Provisions 1.1 " All Medical Center employees, members of the medical staff, ...,shall be responsible for maintaining the confidentiality of patient information. This responsibility shall include ..., the designated record set and its contents, and ... or written patient or patient-related data. " On section Written Information 2.5, indicated: " Distributed lists and report containing PHI, e.g. ..., medical record information, shall be delivered/distributed as follows: a. only to authorized persons or ... "The failure of the facility to maintain the confidentiality of Patient A ' s PHI resulted in the unauthorized access of Patient A ' s protected health information by Patient B.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights