Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VICTOR VALLEY GLOBAL MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on April 30, 2015. Also cited in 8 other reports.
Report ID: 738U11, California Department of Public Health
Reported Entity: VICTOR VALLEY GLOBAL MEDICAL CENTER
Issue:
Based on interview, and record review, the facility failed to ensure the confidential treatment of protected health information (PHI) for Patient A, when a Health Information Department Clerk (HID) faxed Patient A's PHI to a private party.This failure resulted in a breach of Patient A's PHI.Findings:During a interview on April 30, 2015 at 1:35PM, with the Compliance Privacy Officer (CPO) regarding an entity reported incident of a breach of PHI for Patient A, detected on April 6, 2015. The CPO stated, the Health Information Department Clerk (HID) intended to fax Patient A's PHI to (Name of Doctor) but faxed it to a private party. The private party who received Patient A's PHI called and notified the facility of the misdirected fax and subsequently shredded the breached documents.During an interview on April 30, 2015 at 2:15PM, with the HID, she stated that Patient A's PHI was placed in the fax machine to be faxed to (Name Of Doctor) but misdialed. Patient A's PHI was inadvertently faxed to a private party. When asked how this happened, HID stated, she was in a hurry and was trying to get it done before the end of the shift. When asked what is the facility's process for faxing, the HID stated, a transmittal cover sheet is filled out, we verify the fax number is correct, and verify that the fax number and the number on the fax machine screen matches.During a review of the documents faxed to the private party in error, the documentation contained Patient A's name, date of birth, medical record number and account number.A review of the facility's policy and procedure titled, "Faxing Patient Information," dated November, 2011, indicated, "It is the policy of (name of facility) to ensure that medical records sent or received by facsimile (fax) will maintain both patient confidentiality and medical record integrity."The failure of the HID to ensure the fax number was for the intended recipient before faxing Patient A's PHI, resulted in the unauthorized release of Patient A's PHI to an unintended private party.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights