Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
Adventist Medical Center
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on December 6, 2011. Also cited in 29 other reports.
Report ID: 8Q6D11, California Department of Public Health
Reported Entity: ADVENTIST MEDICAL CENTER
Issue:
Based on staff interview, facility and administrative document review, the hospital failed to keep Protected Health Information (PHI) confidential when:1. Patient 1's Discharge Instruction was mistakenly given to Patient 2.2. Laboratory Reports for Patient 3, Patient 4, Patient 5 and Patient 6 were mistakenly faxed to an outside unauthorized physician 3. Patient 7's Laboratory Report was mistakenly faxed to an outside unauthorized physician.4. Patient 8's Laboratory Report was mistakenly faxed to a nursing home. These failures placed the PHI for Patients 1, 3, 4, 5, 6, 7 and 8 at a potential risk for unauthorized use.Findings:Refer to CA002893981. On 12/6/11 at 3:30 p.m., Staff 1 (Privacy Officer) stated on 11/4/11 the facility became aware of a possible privacy breach. The facility's internal investigation revealed on 10/30/11, during the discharge process, Staff 2 (Registered Nurse) mistakenly gave Patient 1's Discharge Instruction to Patient 2. Staff 1 stated Staff 2 should have double checked Patient 1's identification band to ensure the right patient was receiving the right information.On 1/30/12 the Discharged Instruction was reviewed and contained Patient 1's name, date of birth, date of service, address, phone number, attending physician, medical record number, diagnosis, medication prescribed and generalized care instructions.On 1/30/12 the facility policy and procedure number 1000.08.09 titled Confidentiality of Protected Health Information contained the following documentation: It is the policy to maintain confidentiality for patients at all times and under all circumstances. Breach of patient confidentiality through carelessness is when patient information is unintentionally or carelessly accessed, reviewed, or revealed without a legitimate need to know the patient information. Refer to CA00289793 2. On 12/6/11 at 3:30 p.m., Staff 1 stated on 11/14/11 the facility became aware of a possible privacy breach. The facility's internal investigation revealed on 10/31/11 the laboratory reports for Patient 3, Patient 4, Patient 5 and Patient 6 were mistakenly faxed to an outside physician, who was not associated with the medical care of Patients 3-6.On 1/30/12 the Laboratory Reports were reviewed and contained Patient 3 - 6's name, date of birth, date of service, medical record number, account number, attending physician and laboratory results. On 1/30/12 the facility's policy and procedure number 1000.03.14, titled "Faxing Patient Protected Health Information contained the following documentation: "It is the sender's responsibility to be aware of the content of the faxes they are sending, to exercise caution in faxing confidential information, and to take precautionary steps to: validate the fax number, key in correct fax number, confirm fax sent to correct fax number, as well as, request is appropriate and meets minimum necessary."Refer to CA002904753. On 12/6/11 at 3:30 p.m., Staff 1 stated on 11/17/11 the facility became aware of a possible privacy breach. The facility's internal investigation revealed on 11/10/11 Staff 3 (Admitting Clerk) mistakenly faxed Patient 7's Laboratory Report to an outside physician, who was not associated with Patient 7's medical care.On 1/30/12 the Laboratory Report was reviewed and contained Patient 7's name, date of birth, date of service, medical record number, account number, attending physician and laboratory results. On 1/30/12 the facility's policy and procedure number 1000.03.14, titled "Faxing Patient Protected Health Information contained the following documentation: "It is the sender's responsibility to be aware of the content of the faxes they are sending, to exercise caution in faxing confidential information, and to take precautionary steps to: validate the fax number, key in correct fax number, confirm fax sent to correct fax number, as well as, request is appropriate and meets minimum necessary."Refer to CA002904764. On 12/6/11 at 3:30 p.m., Staff 1 stated on 11/17/11 the facility became aware of a possible privacy breach. The facility's internal investigation revealed on 11/15/11 Staff 4 (Admitting Clerk) mistakenly faxed Patient 8's Laboratory Reports to a nursing home.On 1/30/12 the Laboratory Report was reviewed and contained Patient 8's name, date of birth, date of service, medical record number, account number, attending physician and laboratory results. On 1/30/12 the facility's policy and procedure number 1000.03.14, titled "Faxing Patient Protected Health Information contained the following documentation: "It is the sender's responsibility to be aware of the content of the faxes they are sending, to exercise caution in faxing confidential information, and to take precautionary steps to: validate the fax number, key in correct fax number, confirm fax sent to correct fax number, as well as, request is appropriate and meets minimum necessary."
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights