HIPAA Helper »
UNIVERSITY OF CALIFORNIA SAN FRANCISCO MEDICAL CENTER »
Dec 6, 2013

This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.

UNIVERSITY OF CALIFORNIA SAN FRANCISCO MEDICAL CENTER

505 PARNASSUS AVE, BOX 0296 SAN FRANCISCO,CA 94143

Cited by the California Department of Public Health for violations of California’s Health and Safety Code relating to medical privacy during an inspection that began on December 6, 2013. Also cited in 108 other reports.

Report ID: KE6Z11.01, California Department of Public Health

Reported Entity: UCSF MEDICAL CENTER

Issue:

Based on interview and record review, the facility failed to notify the California Department of Public Health (CDPH) of the breach of personal patient health information within the required five business days after discovery.Findings:Patient 1 was seen at Neurosurgery clinic on 10/2/13. The physician who examined Patient 1 wrote a consult letter containing the patient's name, medical record number, date of birth and diagnoses.Record review of the consult letter and the fax cover letter indicated Patient 1's consult letter was faxed to another hospital. The hospital who received the fax notified the Neurosurgery Clinic on 10/3/13, that Patient 1 was not their patient and that the fax had been sent to them in error.During an interview on 12/6/13 at 10:06 AM, Privacy Analyst stated at the time of Patient 1's registration at the Neurosurgery clinic, the receptionist inadvertently selected a healthcare provider with the same name as the intended healthcare provider. He stated because the consult letter was electronically faxed, as soon as the physician finished the consultation, the consult letter will be sent automatically to the healthcare provider selected when Patient 1 registered. He stated the facility was made aware of the breach on 10/3/13 but the incident was not investigated until later because staff was assigned to investigate other breaches. The Privacy Analyst stated he was aware the breach was reported late to the Department and was late in informing Patient 1 of the breach.A fax letter dated 10/23/13 reporting Patient 1's information breach was received by the California Department of Public Health on 10/23/13.The facility was thirteen (13) days late in reporting the information breach to CDPH.

Outcome:

Deficiency cited by the California Department of Public Health: Health & Safety Code 1280

Related Reports:

The report containing this deficiency also includes information about 1 other violation. Note that these may be related to the same event: KE6Z11.02

Do you believe your privacy has been violated? Here’s what you can do: