Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
LOMA LINDA UNIVERSITY MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on July 16, 2014. Also cited in 44 other reports.
Report ID: 1ODU11.01, California Department of Public Health
Reported Entity: LOMA LINDA UNIVERSITY MEDICAL CENTER
Issue:
Based on interview and record review, the facility failed to ensure the safeguarding of protected health information (PHI) for two patients (Patient A and B), when a dental resident (Dentist 1) left a laptop computer containing photos and clinical information, in his car outside a public restaurant. This resulted in Patient A and B's PHI being removed by an unauthorized person when Dentist 1's car was burglarized and the laptop was stolen, placing the patients at risk for identity theft.Findings:On July 16, 2014 at 11:00 AM, a phone interview was conducted with the facility privacy officer (FPO) to investigate an entity reported incident of a breach of PHI for two patients (Patient A and B).During a review of letter sent to the California Department of Public Health dated May 21, 2010, the facility indicated on May 11, 2010 a dental resident (Dentist 1) had his car parked in front of a local eaterty. Dentist 1's laptop computer was stolen from his vehicle and contained both patient's names, medical record numbers, date of birth and a full face picture.During a review of the letters dated May 21, 2010, addressed to both Patient A and Patient B, the facility informed them of the theft of the laptop containing their personal information and made them aware a police report had been filed.A review of a secure e-mail sent from the facility FPO was conducted on July 17, 2014, at 9:36 AM. The FPO indicated that the facility could not identify immediately the patients who had been affected by the stolen laptop, and Dentist 1 was no longer affiliated with the facility to interview further. The laptop was never recovered.Dentist 1's failure to secure confidential patient information to prevent unauthorized access by others when not in his presence, placed Patient A and B at risk for identity theft.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights