Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
SOUTH COAST GLOBAL MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on November 1, 2012. Also cited in 43 other reports.
Report ID: K7Z411.01, California Department of Public Health
Reported Entity: COASTAL COMMUNITIES HOSPITAL
Issue:
Based on interview and hospital document review, the hospital failed to prevent the disclosure of seven patients' (Patients Aa, Bb, Jj, Kk, Mm, Oo and Pp ) protected health information (PHI) to unauthorized individuals. Findings:1. On 5/14/12, the hospital's HCO was made aware breaches of PHI occurred on 5/10/12 and 5/11/12. On 5/10/12, an After Care Instructions form belonging to another patient, in the ED, was stamped with the addressograph of Patient Aa. The form was taken home by the other patient.The PHI disclosed included Patient Aa's name, DOB, MR#, account #, age, sex, date of admission and physician's name.2. On 5/16/12, the Department was notified a breach of Patient Bb's PHI occurred on 5/11/12.On 5/11/12, Patient Bb was in the ED. The addressograph belonging to Patient Bb was used to stamp the Aftercare Instruction form belonging to another patient.The other patient was discharged from the ED with Patient Bb's PHI from the addressograph stamped on the Aftercare Instruction form.Patient Bb's disclosed PHI included name, DOB, age and gender, date of admission, MR #, account # and physician.3. Review of hospital documentation showed a breach of Patient Jj's occurred on 8/14/12.On 8/23/12, the hospital's HCO was made aware the Medication Reconciliation form belonging to another patient, in the ED, was stamped with Patient Jj's addressograph.Patient Jj's PHI disclosed included name, DOB, age, MR#, account #, date of admission and name of the physician.4. On 9/6/12, the hospital's HCO was notified a breach of PHI occurred on 9/3/12 in the ED.Patient Kk's addressograph was used to stamp the After Care Instructions form belonging to another patient.The PHI disclosed included Patient Kk's name, DOB, MR#, account #, age, sex, date of admission and the physician's name.5. On 1/23/12, the hospital was notified a breach in the Admitting Department had occurred on 10/21/12.On 10/21/12, another patient was given a payment receipt with PHI belonging to Patient Mm on it.Patient Mm's PHI disclosed included the patient's name and account #. On 2/7/12 at 1100 hours, during a telephone interview the HCO confirmed the breaches of PHI as documented. 6. On 10/4/12, an employee of a local skilled nursing facility stopped by the hospital's CM office. Their conversation included PHI regarding Patient's Oo and Pp. The CM told the employee she had contracted Norweigian scabies (a contractible mite infection of the skin) from Patient Oo, who had infected 50 employees at the SNF where he came from and where the employee worked. In addition, the CM stated Patient Pp, who was in the hospital's ICU, had Norwegian scabies also. The employee of a local skilled nursing facility informed the facility's Administrator, who then contacted the hospital. Both Patient Oo and Pp's unauthorized disclosure of PHI included name, place of residence and hospital location.On 2/7/12 at 1100 hours, during a telephone interview the HCO confirmed the breaches of PHI are as documented.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280