Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
KAISER FOUNDATION HOSPITAL-MORENO VALLEY
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on July 17, 2013. Also cited in 13 other reports.
Report ID: UUGL11, California Department of Public Health
Reported Entity: KAISER FOUNDATION HOSPITAL-MORENO VALLEY
Issue:
Based on interview and record review, the facility failed to prevent the unauthorized access of Patient 1's protected health information (PHI). This had the potential to result in misuse of private information.Findings:On July 17, 2013, at 3 p.m., an investigation was conducted for an entity reported incident. During an interview with the Director of Accreditation/Licensure and Regulatory Affairs (DA), and the Emergency Department Director (EDD), on July 17, 2013, at 3 p.m., the EDD stated on July 13, 2013, she was informed Patient 1's PHI had been disclosed to Patient 2. The EDD stated two pieces of paper with Patient 1's PHI was inadvertently mixed in with Patient 2's discharge instructions and given to the patient. The EDD stated Patient 2 presented the two items to a receptionist , during a clinic visit on July 12, 2013. On July 17, 2013, copies of the two items given to Patient 2, were reviewed. The first item, an ED sign-in sheet, contained Patient 1's name, date of birth, home telephone number and complete address, and reason for visit. The second item, a page of labels, contained Patient 1's medical record number and birth date. On July 17, 2013, a copy of the letter sent to Patient 1 was reviewed. According to the letter, documents containing PHI were inadvertently given to another patient. The PHI included the patient's name, medical record number, date of birth, date of visit., and discharge instructions.The facility policy titled, "Mitigation of Impermissible Uses and Disclosure of Protected Health Information,"with an effective date of September 23, 2013, was reviewed. The policy indicated, "Kaiser Permanente (KP) must take action to reduce or eliminate, to the extent feasible, any known harm caused by an impermissible use or disclosure of Protected Health Information (PHI) by KP or its business associates."The policy further indicated, "Protected Health Information (PHI) - Individually identifiable health information including demographic information...created or obtained by a covered entity that is related to an Individual's past, present, or future physical or mental health or condition, including the provision of his/her health care..." The policy further indicated, "...Individually identifiable means that the information either identifies the Individual or there is a reasonable basis to believe that the information can be used to identify the Individual, such as name, date of birth, address...other personal identifiers..."
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280