Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
SHARP CHULA VISTA MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on January 14, 2014. Also cited in 46 other reports.
Report ID: ZYGQ11, California Department of Public Health
Reported Entity: SHARP CHULA VISTA MEDICAL CENTER
Issue:
Based on interview and record review, the facility failed to ensure that 50 patients personal and protected health information (PHI) was kept confidential when the emergency services manager emailed the list of 50 patients to an outside the facility contracted educational reimbursement company. As a result of this failure, the outside educational reimbursement company had access to 50 patients personal information. Findings: An on site investigation of an entity reported breach was initiated on 1/14/14. It was reported to the California Department of Public Health that, on 11/22/13, 50 emergency room (ER) patients were inadvertently emailed to the contracted educational reimbursement department (ERD). During an interview with the emergency department manager (EDM) on 1/14/14, at 11:10 A.M., the EDM stated that she had emailed an educational reimbursement form for one of her staff on 11/22/13. The EDM further explained, that in the email was an attachment which contained a screen shot of all patients seen in the ER on 11/22/13. The EDM stated that she had realized that the PHI information was sent to the ERD when she opened the email that she had sent and was unable to retrieve. In review of the screen shot, the information contained the following personal information:1. Patient name2. Age3. Reason for visit4. The name of the emergency room physician5. The name of the nurse6. room numberThe facility policy and procedure entitled "Health Information - Access use and Disclosure" dated 11/12, indicated "...Category III: Disclosure requiring authorization from the Patient/Legal Representative a. Disclosure of Protected Health Information for any reason other than the categories above require patient/legal representative authorization..."The EDM failure to double check and validate the correct email attachments prior to emailing to the ERD, resulted in the inadvertent and unauthorized release of protected health information.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights