Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VICTOR VALLEY GLOBAL MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on April 13, 2015. Also cited in 8 other reports.
Report ID: QVYM11.01, California Department of Public Health
Reported Entity: VICTOR VALLEY GLOBAL MEDICAL CENTER
Issue:
Based on interview and record review, the facility failed to ensure the confidential treatment of Patient B's protected health information (PHI) when an Emergency Room Doctor (MD 1) gave a medical record containing Patient B's PHI to Patient A. This resulted in an unauthorized disclosure of Patient B's PHI.Findings:On April 13, 2015 at 11:10 AM, a phone interview was conducted with the Compliance and Privacy Officer (CPO) regarding an entity reported incident of a breach of Patient B's PHI detected by the facility on January 3, 2014. The CPO stated Patient A's physician (MD 1) gave Patient A copies of her laboratory results and in between the papers, was a medical record document of another patient (Patient B). The document contained Patient B's name, date of birth, age, gender, home address, home phone number, cell phone number, social security number, insurance name, insurance policy number, insurance group number, and diagnosis.The CPO stated Patient B's document was probably being printed out at the same time the MD 1 printed Patient A's lab work. MD 1 did not check each page to make sure they were all the right documents for Patient A.The CPO stated that Patient B was notified on January 6, 2014 of the breached PHI, and provided a copy of the letter.On April 20, 2015 at 1:45 PM, a phone interview was conducted with the MD 1 regarding this entity reported incident. The MD 1 stated the printer is shared with the registration department and he tries to make sure all the documents he prints are the correct ones, but sometimes the Registration Department's documents being printed get in between the documents the Emergency Room Department print. MD 1 stated with this incident, he missed it. "It (medical record document containing Patient B's PHI) probably slipped through the cracks."A copy of the letter sent to Patient B dated January 6, 2014 informing her about the breached PHI was reviewed.A review of the medical record document which contained Patient B's PHI was reviewed and showed Patient B's name, date of birth, age, gender, home address, home phone number, cell phone number, social security number, insurance name, insurance policy number, insurance group number, and diagnosis.A review of the facility's policy and procedure titled, "Confidentiality of Protected Health Information" dated October 2010, indicated "It is the policy of (name of facility) to maintain confidentiality for patients and employees at all times and under all circumstances."The facility failed to ensure the correct documents were given to Patient A resulting in an unauthorized release of Patient B's PHI.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights