Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
CLOVIS COMMUNITY MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on November 14, 2014. Also cited in 27 other reports.
Report ID: Q7EH11, California Department of Public Health
Reported Entity: CLOVIS COMMUNITY MEDICAL CENTER
Issue:
Based on staff interview and administrative document review, the hospital failed to keep Protected Health Information (PHI) confidential when:1. Patient 1's Courtesy Foot Print Certificate was labeled with Patient 2's label. (CA00418819)2. Patient 3 received a Summary of Care document belonging to Patient 4. (CA00419096) These failures resulted in the breach of Patient 2 and Patient 4's PHI for and the potential for unauthorized use.Findings:Referred to CA004188191. On 11/14/14 at 2:31 p.m., during an interview, the Privacy Officer (PO) stated Registered Nurse (RN) 1 placed a label for Patient 2 on a Courtesy Foot Print Certificate belonging to Patient 1 . The PO stated RN 1 did not check to make sure she had the correct label on the Certificate before she gave it to Patient 1. The Certificate was returned to the hospital and the label was removed.The PHI breached included Patient 2's name, date of birth, medical record number, and account number.The hospital policy and procedure titled "HIPAA General Rules for the Use and Disclosure of PHI" dated 4/18/12, indicated "III. Guidelines: A. Protected Health Information and Records: 1. Protected health information includes any information received, created or maintained by... in which the patient is... identified, regardless of whether the information is in oral, paper, or electronic form. I. Accurate Information: 1. It is the responsibility of all individuals who collect information from patients or who record information about patients in a chart, medical record... to be as accurate and complete as possible." Referred to CA004190962. On 11/14/14 at 2:33 p.m., during an interview, the PO stated she was notified by Patient 3 that she had received a Summary of Care form that belonged to Patient 4. The PO stated RN 2 selected the wrong name on the computer when she was printing the form. The incorrect Summary of Care form was retrieved from Patient 3.The PHI breached included Patient 4's name, medical record number, date of birth, address, gender, phone number, and clinical information.The hospital policy and procedure titled "HIPAA General Rules for the Use and Disclosure of PHI" dated 4/18/12, indicated "III. Guidelines: A. Protected Health Information and Records: 1. Protected health information includes any information received, created or maintained by... in which the patient is... identified, regardless of whether the information is in oral, paper, or electronic form. I. Accurate Information: 1. It is the responsibility of all individuals who collect information from patients or who record information about patients in a chart, medical record... to be as accurate and complete as possible."
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights