Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
COMMUNITY REGIONAL MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on May 30, 2014. Also cited in 62 other reports.
Report ID: FDHB11, California Department of Public Health
Reported Entity: COMMUNITY REGIONAL MEDICAL CENTER
Issue:
Based on staff interview, clinical and administrative document review, the facility failed to keep Protected Health Information (PHI) confidential when:1. Patient (Pt) 1's billing statement was mailed to the wrong address.2. Patient (Pt) 2's lab results were faxed in error to another medical provider.3. Patient (Pt) 3's Discharge Instructions were given in error to an unknown patient.These failures resulted in unauthorized access to Patients 1, 2, and 3's PHI and the potential for abuse of the PHI.Findings:CA003982511. On 5/30/14 at 1:29 p.m., during a telephone interview, the Privacy Officer (PO) stated Employee 1 (E 1) failed to update P 1's demographic information in the Electronic Medical Record (EMR). This resulted in P 1's billing statement being mailed to an address that P 1 no longer resided at. The PO stated E 1 should have made sure all demographic information was current for P 1.Patient 1's PHI breached included name and account number.CA00394372 2. On 5/30/14 at 1:33 p.m., during a telephone interview, the PO stated E 2 faxed Pt 2's lab results to a medical provider in error. The PO stated E 2 was supposed to fax the lab results for someone else and should have checked to make sure she had the correct results before faxing.Patient 2's PHI breached included: name, medical record number, and lab results.CA003953713. On 5/30/14 at 1:37 p.m., during telephone interview, the PO stated E 3 gave Pt 3's discharge instructions to an unknown patient. E 3 did not get the name of the patient who returned the documents to the facility. PO stated E 3 should have verified the discharge instructions were being given to the correct patient.Patient 3's PHI breached included: name, medical record number, account number, and clinical findings.The Hospital's Policy and Procedure titled, "HIPAA General Rules for the Use and Disclosure of PHI" dated 4/18/12 indicated, "Protected health information includes any information received, created or maintained by... in which the patient is... identified, regardless of whether the information is in oral, paper or electronic form. It is the responsibility of all ... workforce members to comply with policies and procedures..."
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights