Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
Adventist Medical Center
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on January 31, 2013. Also cited in 29 other reports.
Report ID: GDV411, California Department of Public Health
Reported Entity: ADVENTIST MEDICAL CENTER
Issue:
Based on staff interview and administrative document review, the hospital failed to keep Protected Health Information (PHI) confidential when Staff 1 faxed PHI for Patient 1, 2, 3, 4, 5, 6, 7, 8, 9, and 10 to the wrong number in error . These failures placed Patient's 1, 2, 3, 4, 5, 6, 7, 8, 9, and 10's PHI at a potential risk for unauthorized use. Findings:On 12/31/13 at 3:00 p.m. during an interview, the Privacy Officer (PO) confirmed that 10 patient's misdirected faxes were reported to the department on 12/7/12. The PO stated all 10 misdirected faxes were sent to the wrong recipient in error. The PO was made aware of one of these misdirected faxes by Staff 1 on 12/6/12. The PO had reported the first misdirected fax to the department on 12/7/12 . The PO stated the misdirected faxes indicated the following PHI had been breached:For Patient 1: The PHI breached was: Name, date of birth (DOB), home address, telephone number, insurance information, social security number (SSI), date of service, medical record (MR) number (#)/account #, Diagnosis and/or clinical findings, Medical Doctor (MD)/progress notes, medical/social history and phone numbers of relatives and friends. For Patient 2: The PHI breached was: Name, date of birth (DOB), home address, telephone number, insurance information, social security number (SSI), date of service, medical record (MR) number (#)/account #, Diagnosis and/or clinical findings, Medical Doctor (MD)/progress notes, medical/social history and phone numbers of relatives and friends. For Patient 3: The PHI breached was: Name, date of birth (DOB), home address, telephone number, insurance information, social security number (SSI), date of service, medical record (MR) number (#)/account # and phone numbers of relatives and friends. For Patient 4: The PHI breached was: Name, date of birth (DOB), home address, telephone number, insurance information, social security number (SSI), date of service, medical record (MR) number (#)/account # and phone numbers of relatives and friends. For Patient 5: The PHI breached was: Name, date of birth (DOB), home address, telephone number, insurance information, social security number (SSI), date of service, medical record (MR) number (#)/account # and phone numbers of relatives and friends. For Patient 6: The PHI breached was: Name, date of birth (DOB), home address, telephone number, insurance information, social security number (SSI), date of service, medical record (MR) number (#)/account # and phone numbers of relatives and friends. For Patient 7: The PHI breached was: Name, date of birth (DOB), home address, telephone number, insurance information, social security number (SSI), date of service, medical record (MR) number (#)/account # and phone numbers of relatives and friends. For Patient 8: The PHI breached was: Name, date of birth (DOB), home address, telephone number, insurance information, social security number (SSI), date of service, medical record (MR) number (#)/account # and phone numbers of relatives and friends. For Patient 9: The PHI breached was: Name, date of birth (DOB), home address, telephone number, insurance information, social security number (SSI), date of service, medical record (MR) number (#)/account # and phone numbers of relatives and friends. For Patient 10: The PHI breached was: Name, date of birth (DOB), home address, telephone number, insurance information, social security number (SSI), date of service, medical record (MR) number (#)/account #, Diagnosis and/or clinical findings, Medical Doctor (MD)/progress notes, History and Physical, medical/social history and phone numbers of relatives and friends. The facility's policy and procedure number 1000.03.14, titled "Faxing Patient Protected Health Information contained the following documentation: "It is the sender's responsibility to be aware of the content of the faxes they are sending, to exercise caution in faxing confidential information, and to take precautionary steps to: validate the fax number, key in correct fax number, confirm fax sent to correct fax number, as well as, request is appropriate and meets minimum necessary."
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights