Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
ST BERNARDINE MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on January 7, 2014. Also cited in 41 other reports.
Report ID: 35H411, California Department of Public Health
Reported Entity: ST BERNARDINE MEDICAL CENTER
Issue:
Based on interview, and record review, the facility failed to ensure that Patient A's protected health information (PHI) was kept confidential when it was faxed by a Health Information Management (HIM) technician (Employee A)to the wrong department at an outside agency. This resulted in a breach of Patient A's PHI.Findings:An unannounced visit was made to the facility to investigate an entity reported event of a possible breach of PHI for Patient A.During an interview with the Director of Risk Management and Quality on January 7, 2014 at 11:35 AM, she said, " On December 1, 2013, a HIM technician (Employee 1) faxed Patient A's medical record as requested to [used name of hospital], however, he faxed the information to the wrong department at the facility. [Used name of department ] called us and told us of the error and that they had shredded the documents." When asked what had been faxed, the Director stated, " two discharge summaries from November 26, 2013, history and physical dated November 31, 2013; procedure notes dated November 23, and 25, 2013. Each form contained Patient A's a name , date of birth, address, sex, medical and account numbers, dates of admission and discharge, diagnoses, personal history and course of treatment. "A review of the facility policy and procedure titled,"Fax Procedure and Device Maintenance," dated August 2009, indicated that staff were to use the "Fax Pause Procedure." A review of this procedure indicated that when a staff was going to fax they were to send a "fax verification form" first, then pause and be sure the number showing in the window matched the number on the fax verification before hitting the "send" button."During a review of the written report submitted to the California Department of Public Health , Licensing and certification Unit, dated December 6,2013, the report indicated the HIM technician ((Employee 1) had inadvertently, "faxed a nine page document on December 1, 2013 to another facility for the continuation of care. These documents contained:Patient A's name, date of birth, age, sex, medical record number, encounter number, room number, physician's names and addresses, admitting diagnosis, hospital course, final diagnosis, discharge medications, history of present illness,past medical history and surgical history, allergies, family and social history, and review of systems with the physician's findings." The report further indicated that the error was discovered when , "within an hour of receiving the fax in error, the department at the outside facility called and reported the error and destroyed the documents. Employee 1 was counseled and re-educated on how to safeguard PHI."Employee 1 failed to follow facility policy on sending PHI via facsimile (FAX) which resulted in Patient A's confidential medical information being released to the wrong department at an outside facility.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights