Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
MARIN GENERAL HOSPITAL
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on January 5, 2012. Also cited in 63 other reports.
Report ID: 8PR911, California Department of Public Health
Reported Entity: MARIN GENERAL HOSPITAL
Issue:
Based on interview, and review of hospital records, the hospital failed to prevent the unauthorized disclosure of protected health information when hospital staff left Patient 1's name and diagnosis on a private answering machine in error, with potential for unauthorized use of Patient 1's private health information.
Findings:
On 12/30/11 at 13:10, (1:10 p.m.), the Department received an Entity Reported Incident which indicated Patient 1's confidential patient information intended for an insurance company, had been left on the incorrect telephone answering machine.
During an interview, and concurrent review of hospital records, on 1/5/12 at 11 a.m., Risk Manager A stated, Case Manager B reported to hospital administration on 12/29/11, she had left Patient 1's medical information, on an answering machine she mistakenly thought was an insurance company. Risk Manager A provided copies of e-mails, sent by Case Manager B on 12/30/11, which reported the breach to hospital administration. Review, of the e-mail, indicated Case Manager B called a number she had for an insurance company, left partial patient information and then the machine was full. Case Manager B reported she called back to continue to leave information and noticed on the screen that she had only a partial number. Case Manager B then realized, after she dialed 9 for an outside line, she had neglected to dial a 1 for long distance, and had reached a local number, where she had left the patient information. Case Manager B wrote, she called the number back and left a message that asked the information she had left be discarded, however she was not able to reach the person directly. Case Manager B was unavailable for interview.
Risk Manager A provided a print out of the information left on the incorrect answering machine, review of the printout indicated the information included the patient's name, diagnosis, and religion.
Risk Manager A also provided a copy of a letter dated 12/30/11, sent to Patient 1 to notify her of the breach.
Risk Manager A stated Case Manager B had retraining regarding patient rights to privacy, and the hospital had written a new hospital policy regarding disclosure of patient medical information, however it had not yet been approved.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280