Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
COMMUNITY HOSPITAL OF SAN BERNARDINO
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on August 4, 2014. Also cited in 46 other reports.
Report ID: X5Q411, California Department of Public Health
Reported Entity: COMMUNITY HOSPITAL OF SAN BERNARDINO
Issue:
Based on interview and record review, the facility failed to maintain privacy and confidentiality of information for one patient (Patient A), when a physician (MD 1) disclosed a critical diagnosis to Patient A in the presence of family members. This resulted in the disclosure of Patient A ' s protected health information (PHI) without authorization.Findings:On August 7, 2014 a review of face sheet for Patient A was conducted. The face sheet indicated, Patient A was admitted to the facility on February 16, 2013 with diagnoses that included, unstable hypertension (blood pressure), weakness and chest pain. Patient A was diagnosed with pancreatic cancer (cancer in a body organ known as the pancreas), during the course of her hospital stay. Patient A was discharged on February 17, 2013.On August 7, 2014 at 11:05 AM, a phone interview was conducted with the Facility Privacy Officer (FPO). When asked how the breach occurred, she stated, "Patient A was a patient on an inpatient care unit at the facility. On February 16, 2013, MD 1 informed Patient A of a new diagnosis of pancreatic cancer in the presence of family members without authorization. Patient A was very upset and emotional support was provided by Patient A's nurse following MD 1's visit. Patient A requested to speak with the house supervisor. The house supervisor spoke with MD 1 and MD 1 returned to speak with Patient A. After MD 1 had returned and spoken with Patient A for a second time, Patient A was satisfied and no further emotional support was needed.""A review of facility policy and procedure titled, "Safe Guarding PHI and Sensitive Information), dated January 17, 2012, indicated: "V. Procedures for all facilities""C. Comply with reasonable requests by individuals for oral discussion of PHI to be conducted in a private manner by physically relocating to a more private location or by other means such as quitter tones of voice. Limit, as reasonable the incidental disclosure of PHI in oral form by using quiet tones of voice and reasonable physical safeguards such as dividers."The failure of the facility to maintain the confidentiality of Patient A's PHI resulted in the unauthorized release of Patient A's protected health information to a family member.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights