Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
DOCTORS MEDICAL CENTER
Cited by the California Department of Public Health for violations of California’s Health and Safety Code relating to medical privacy during an inspection that began on February 15, 2012. Also cited in 64 other reports.
Report ID: 4D4P11.01, California Department of Public Health
Reported Entity: DOCTORS MEDICAL CENTER
Issue:
Based on staff interviews and review of facility documents, the facility failed to: 1. Prevent the unlawful or unauthorized access to or disclosure of the personal health information (PHI), for 11 patients (Patients 1-11) whose health screening tests were not forwarded on to the intended recipients and the facility's shipping services could not locate the PHI. 2. To report an unauthorized disclosure of medical information for eleven Patients (Patients 1-11) to the Department within 5 calendar days.Findings:1. On 2/22/12 at 11:30 a.m., the facility's "Breach Investigation" report was reviewed. The report indicated that the breach was discovered on 11/10/09, when a patient contacted the facility and asked where his health screening results were. Further review showed that the facility's shipper could not locate the PHI. On 5/9/12 at 11:20 a.m., the facility's Compliance Officer (CO) was interviewed over the telephone. The CO stated that once they found out that the PHI for Patients 1-11 was missing, they contacted the shipper who was unable to find the documents. On 5/9/12 at 2:18 p.m., the facility's Purchasing Manager (PM) was interviewed over the telephone and she stated that they used to just hand the packages to the shipper who would then scan them into their system. 2. On 2/22/12 at 11:30 a.m., the facility's "Breach Investigation" report was reviewed. The report indicated that the breach was discovered on 11/10/09, when a patient contacted the facility and asked where his health screening results were. Further review showed that the facility's shipper could not locate the PHI. The facility should have notified the department no later than five calendar days after detecting the possible breach. The Department received a letter from the facility on 12/7/09, 22 days after it should have been reported. On 5/9/12 at 11:20 a.m., via telephone, the facility's Compliance Officer (CO) was interviewed over the telephone and confirmed the above.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280