Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
COMMUNITY HOSPITAL OF SAN BERNARDINO
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on April 9, 2014. Also cited in 46 other reports.
Report ID: 86EQ11.01, California Department of Public Health
Reported Entity: COMMUNITY HOSPITAL OF SAN BERNARDINO
Issue:
Based on interview, and record review, the facility failed to ensure that confidential protected health information (PHI) from Patient A's emergency room (ER) visit, was sent by facsimile (FAX) to the intended recipient. This resulted in Patient B's PHI being misdirected to a local business, who had no authorization to view Patient B's PHI.Findings:On April 9, 2014 at 1:30 PM, a visit was made to the facility to investigate an entity reported incident of a misdirected fax that contained confidential PHI for Patient B.During an interview with the Director of Quality on April 9, 2014 at 1:40 PM, she stated, On February 15, 2014, a staff member from the emergency room department was sending Patient B's ER records to another general acute care hospital which was his insurance provider. The staff inadvertently sent the paperwork and it was received by a local business, who mailed the documents back to the hospital on February 26, 2014. The fax numbers were identical except for the staff did not put a "1" first. We could not identify which staff had sent the fax."A review of the documents sent in error was conducted on April 9, 2014 at 2:15 PM, and the documentation included: Patient A's face sheet that contained his demographics including his social security number. In addition, Patient A's laboratory results for chemistry blood panel,liver panel,drug screen,the ER triage assessment, the ER physician assessment and diagnoses were also sent.A review of the facility policy and procedure titled, "Protected Health Information, Transfer of,"dated August 2012, indicated that employees were to use the fax to transmit information only when the mail would not meet the needs. Under "Procedures," the policy indicated, "employees will take reasonable steps to ensure that a fax transmission is sent to and received by the intended recipient." The policy then outlines the steps to include:a. " Complete a Fax test cover sheet and request recipient send the cover sheet back as confirmation..."b. " Communicate the need for the recipient to send back fax verification..."c. "Enter fax number into the machine."d. "Have a second staff member verify the correct fax number has been entered as documented on the PHI Facsimile cover sheet..."During an interview with the Director of Quality at 3:15 PM, she stated, "There were two fax machines and they needed to enter "9" on this one so that it went to a local number.The inadvertent faxing of Patient A's PHI placed him at risk for identity theft.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights