Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
COMMUNITY HOSPITAL OF THE MONTEREY PENINSULA
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on July 9, 2014. Also cited in 24 other reports.
Report ID: SNAO11.01, California Department of Public Health
Reported Entity: COMMUNITY HOSPITAL OF THE MONTEREY PENINSULA
Issue:
Based on interview and record review, the hospital failed to protect the patient rights for confidential treatment for one of one sampled patient (1), when a letter containing patient identifiable information (PII) was mailed to another patient. The failure resulted in the disclosure of Patient 1's PII to an unauthorized individual. Findings:The California Department of Public Health received a faxed report on 3/27/13, which indicated Patient 1's name, account number, date of service, and account balance were disclosed in a letter sent on 3/14/13 to an unauthorized individual (Patient 2). Patient 2 was deceased, and her family member read the letter. A hospital staff member (PBS) became aware of the above error on 3/14/13. During an interview on 7/9/14 at 11 a.m., the privacy officer (PO) stated, Patient 2's family member had a telephone conversation with PBS about a letter sent by the hospital which contained incorrect information. The incorrect information included information of another patient (Patient 1). PBS corrected the error and mailed the corrected letter to Patient 2's family member. The PO further stated the hospital was aware of the error when Patient 2's family member brought the letter with incorrect information to the business services office.On 7/9/14 at 11:30 a.m., during a conference telephone call with PBS, her supervisor, and the director of patient business services, PBS stated she had written a letter to Patient 2, which contained information regarding Patient 1. PBS further stated she realized she had made an error when she received a telephone call from Patient 2's family member. During the telephone call, PBS realized the letter she mailed to Patient 2 disclosed Patient 1's PII.A review of a copy of a letter dated 3/14/13, sent by the hospital to Patient 2, disclosed Patient 1's name, visit number, dates of service, and account balance.Review of a copy of a letter dated 3/28/13, from the hospital to Patient 1, indicated information from Patient 1's patient account had been inadvertently mailed to another patient (Patient 2).A review of the hospital's 3/2012 "Personnel Manual: Confidentiality of Patient and Hospital Business Information" indicated, all employees are responsible for upholding privacy, confidentiality, and information security.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights