Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
Adventist Medical Center
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on June 18, 2012. Also cited in 29 other reports.
Report ID: WBHU11, California Department of Public Health
Reported Entity: ADVENTIST MEDICAL CENTER
Issue:
Based on staff interview, facility and administrative document review, the hospital failed to keep Protected Health Information (PHI) confidential when:1. Patient 1's Discharge Summary was mistakenly faxed to the wrong physician.2. Patient 2's Mammogram Appointment Slip was mistakenly given to Patient 3. 3. Patient 4's Discharge Medication List was mistakenly given to Patient 5.4. Patient 7 was given a Photo Image that was mistakenly labeled with Patient 6's PHI.This failure placed the PHI for Patients 1, 2, 4 and 6 at a potential risk for unauthorized use.Findings:Refer to CA00311081 1. On 6/18/12 at 10:50 a.m., Staff 1 (Privacy Officer) stated On 5/10/12 Staff 2 (Transcriptions) mistakenly faxed Patient 1's Discharge Summary to a local physician's office, who was not associated with Patient 1's care. Staff 1 stated Staff 2 did not verify the correct physician prior to faxing the PHI.On 6/18/12 at 10:52 a.m., Staff 1 stated the Discharge Summary contained Patient 1's name, date of birth, date of service, medical record number, chief complaint, medication and lab and X-ray results.On 6/18/12 the facility's policy and procedure number 1000.03.14, titled "Faxing Patient Protected Health Information contained the following documentation: "It is the sender's responsibility to be aware of the content of the faxes they are sending, to exercise caution in faxing confidential information, and to take precautionary steps to: validate the fax number, key in correct fax number, confirm fax sent to correct fax number, as well as, request is appropriate and meets minimum necessary."CA00311202 2. On 6/18/12 at 10:57 a.m., Staff 1 stated on 4/23/12 the facility became aware of a possible privacy breach. The facility's internal investigation revealed on 4/9/12 Patient 2's Appointment Slip was mistakenly given to Patient 3. Staff 1 stated the staff should have verified the patients identification prior to handing out appointment slips. On 6/18/12 at 11:00 a.m., Staff 1 stated the Appointment Slip contained Patient 1's name, date of birth, medical record number, account number and scheduled date of service.On 6/18/12 the facility policy and procedure number 1000.08.09 titled Confidentiality of Protected Health Information contained the following documentation: It is the policy to maintain confidentiality for patients at all times and under all circumstances. Breach of patient confidentiality through carelessness is when patient information is unintentionally or carelessly accessed, reviewed, or revealed without a legitimate need to know the patient information. CA00311476 3. On 6/18/12 at 11:05 a.m., Staff 1 stated on 5/16/12 the facility became aware of a possible privacy breach. The facility's internal investigation revealed on 5/13/12 Patient 4's Discharge Medication List was mistakenly given to Patient 5. Staff 1 stated the staff should have checked the patient's identification band to ensure the right patient received the right document.On 6/18/12 at 11:08 a.m., Staff 1 stated the Discharge Medication List contained Patient 4's name, date of birth, address, date of service, medication record number and prescribed medication.On 6/18/12 the facility policy and procedure number 1000.08.09 titled Confidentiality of Protected Health Information contained the following documentation: It is the policy to maintain confidentiality for patients at all times and under all circumstances. Breach of patient confidentiality through carelessness is when patient information is unintentionally or carelessly accessed, reviewed, or revealed without a legitimate need to know the patient information. CA00311482.4. On 6/18/12 at 11:12 a.m., Staff 1 stated on 5/8/12 the facility was became aware of a possible privacy breach. The facility's internal investigation revealed on 5/7/12 Medical Imaging staff mistakenly placed Patient 6's label onto Patient 7's Photo Image. The Photo Image containing Patient 6's label was given to Patient 7. Staff 1 stated Medical Imaging staff should have ensured the correct label was being placed on the correct Image.On 6/18/12 at 11:15 a.m., Staff 1 stated the label contained Patient 6's name, date of birth, date of service and medical record number.On 6/18/12 the facility policy and procedure number 1000.08.09 titled Confidentiality of Protected Health Information contained the following documentation: It is the policy to maintain confidentiality for patients at all times and under all circumstances. Breach of patient confidentiality through carelessness is when patient information is unintentionally or carelessly accessed, reviewed, or revealed without a legitimate need to know the patient information.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights