Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VICTOR VALLEY GLOBAL MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on April 13, 2015. Also cited in 8 other reports.
Report ID: 414Y11.01, California Department of Public Health
Reported Entity: VICTOR VALLEY GLOBAL MEDICAL CENTER
Issue:
Based on interview and record review, the facility failed to ensure the confidential treatment of Patient A's protected health information (PHI) when a Health Information Management Release of Information Clerk (HIM ROI Clerk) faxed Patient A's medical record document to an unintended recipient. This resulted in an unauthorized disclosure of Patient A's PHI.Findings:On April 13, 2015 at 11:15 AM, a phone interview was conducted with the Compliance and Privacy Officer (CPO) regarding an entity reported incident of a breach of Patient A's PHI. The CPO stated the HIM ROI Clerk called the Doctor's office (intended recipient) on May 13, 2013 to obtain the correct fax number and was given fax number ending in ...59 and the HIM ROI Clerk proceeded to fax the document to the number given to her. The correct fax number was the same except the last digit was a 5.The CPO stated the facility detected the breach on May 24, 2013, when Patient A notified the facility that she received her medical record document, which contained Patient A's name, date of birth, age, gender, address, home phone number, cell phone number, insurance name, insurance policy and group numbers, diagnoses and social security number in the mail by someone named (unintended recipient). A formal letter of notification was sent to Patient A of the breached PHI, and provided a copy of the letter for review.On April 15, 2015 at 3:30 PM, a phone interview was conducted with HIM ROI Clerk regarding this entity reported incident. HIM ROI Clerk stated the Doctor's office staff called requesting a copy of Patient A's face sheet (medical record document) and I asked for the fax number and I repeated the fax number back to verify I heard the number correctly. The HIM ROI Clerk stated she entered the fax number the Doctor's office staff provided, double checked the display screen to make sure it was correctly entered and sent the fax.In addition, the HIM ROI Clerk denies entering an incorrect fax number. "I entered the fax number that was given to me."A copy of the letter sent to Patient A dated July 10, 2013, informing her about the breach of PHI she reported on May 24, 2013 was reviewed.A review of the fax transmission cover sheet dated May 13, 2013, indicated the fax number ending in ..59, not ..55.A review of the medical record document (face sheet) indicated Patient A's name, date of birth, age, gender, address, home phone number, cell phone number, insurance name, insurance policy and group numbers, diagnoses, and social security number.A review of the facility's policy and procedure titled, "Faxing Patient Information" dated August 2008 and revision date November 2011, indicated "It is the policy of (name of facility) to ensure that medical records sent or received by facsimile (fax) will maintain both patient confidentiality and medical record integrity."The facility failed to ensure Patient A's medical record document was faxed to the intended recipient resulting in an unauthorized release of Patient A's PHI.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights