Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
QUEEN OF THE VALLEY MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on August 13, 2013. Also cited in 17 other reports.
Report ID: EFNO11, California Department of Public Health
Reported Entity: QUEEN OF THE VALLEY MEDICAL CENTER
Issue:
Based on interview and record review, the facility failed to prevent unauthorized access and disclosure of one patient's (Patient 2) medical information when Patient 2's X-ray images were sent to the wrong facility. This failure allowed the unlawful or unauthorized access to some of Patient 2's medical information. FindingsThe California Department of Public Health was notified on 8/12/13 that a breach of protected health information occurred on 8/6/13.During an interview on 8/13/13 at 9:15 a.m., Administrative Staff A stated that on 8/7/13, he was notified, by the facility emergency department manager that Unlicensed Staff B had sent a compact disc, containing Patient 2's X-ray images, along with Patient 1 when discharging to another hospital, on 8/6/13.Patient 2's protected health information on the compact disc included, her name, medical record number, date of birth, chest X-ray images, and brain magnetic resonance imagesDuring an interview on 8/13/13 at 9:15 a.m., Administrative Staff A also stated that it it was an error, in not following policy and procedure, when Unlicensed Staff B handed the compact disc, containing Patient 2's protected health information, to the paramedic transporting Patient 1 to another hospital without double checking Patient 1's identification.A review of the facility Policy and Procedure for "CONFIDENTIALITY" (2/3/11 ) reveals the following: "3.0 POLICY The protection of confidential, sensitive, and proprietary information is of critical importance to the facility, its work-force, and its patients. In addition, the safeguarding of patient information from unauthorized, inappropriate, and unlawful use and disclosure is required by law and is consistent with the values of the facility. Employees are required to follow all policies and procedures and the facilities Standards of Conduct regarding use and disclosure of business patient information, and to comply with all safeguards applicable to the employee's work area and the employee's scope of duty in order to ensure that business and patient information is safeguarded at all times..1.1.2 The employee will only use and disclose that patient information that is minimally necessary in order to accomplish the intended purpose of the use or disclosure..1.1.3 The employee will follow all facility policies and procedures and the facility's Standards of Conduct and take all precautions to prevent any intentional or unintentional use or disclosure of any trade secrets or confidential information about the facility, its employees, and its programs".A review of the facility pamphlet, given to all patients, for, "NOTICE OF PRIVACY PRACTICE" (no date) reveals the following: "We understand that medical information about you is personal. We are committed to protecting the privacy of medical information about you. In an effort to provide the highest quality medical care and to comply with certain legal requirements, we will and are required to: Keep your medical information private...Follow the terms of this notice."
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280