Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VALLEY CHILDREN'S HOSPITAL
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on November 14, 2014. Also cited in 40 other reports.
Report ID: 77AL11, California Department of Public Health
Reported Entity: CHILDRENS HOSPITAL CENTRAL CALIFORNIA
Issue:
Based on staff interview, clinical record and administrative document review, the facility failed to keep Protected Health Information (PHI) confidential when:1. Patient (Pt) 1's prescription (an order for the preparation and administration of a medicine given by a properly authorized person) was given to Pt 2. (CA00414477)2. Pt 4 was given a receipt for payment with Pt 3's account information. (CA00414493).3. Pt 5's prescription was included in Pt 6's discharge packet. (CA00415092)These failures placed Pt 1, Pt 3, and Pt 5's PHI at a potential risk for unauthorized use.Findings:CA004144771. On 11/14/14 at 11:15 a.m., during an interview, the Accreditation Coordinator (AC) stated an Emergency Department registered nurse (RN 1) gave Patient (Pt) 1's prescription to Pt 2. The AC stated RN 1 did not follow the hospital policy to verify the correct patient name was on all forms prior to giving them to Pt 2.The Protected Health Information (PIH) disclosed included Pt 1's name, birth date, medical record number, address, and telephone number.The hospital's policy and procedure, titled, "PHI, Use and Disclosure," dated 02/14, indicated, "...Policy: [Hospital name] and its employees are committed to protecting the privacy of patients' health information and to comply with applicable federal and state laws that protect the privacy and security of patients' health information." The hospital's policy and procedure, titled, "Confidentiality," dated 8/11, indicated, "...[Hospital's name] will maintain adequate administrative, technical and physical safeguards to protect the privacy of confidential information from unauthorized use or disclosure, whether intentional or unintentional..."CA004144932. On 11/14/14 at 11:41 a.m., during an interview, the Administrative Coordinator (AC) stated the Emergency Department Registrar (EDR) "collected a co-payment for [Patient 4], inadvertently posted that payment to [Patient 3's] account, then printed the receipt and gave it to Patient 4's mother, with Patient 3's information on it." The AC stated the EDR did not verify the patient information before "running the transaction in the system and giving the receipt to [Patient 4's] family...both steps are not following our policies and procedures."The Protected Health Information disclosed included Patient 3's name and hospital patient account number. The hospital's policy and procedure, titled, "PHI, Use and Disclosure," dated 02/14, indicated, "...Policy: [Hospital name] and its employees are committed to protecting the privacy of patients' health information and to comply with applicable federal and state laws that protect the privacy and security of patients' health information." The hospital's policy and procedure, titled, "Confidentiality," dated 8/11, indicated, "...[Hospital's name] will maintain adequate administrative, technical and physical safeguards to protect the privacy of confidential information from unauthorized use or disclosure, whether intentional or unintentional..."CA004150923. On 11/14/14 at 11:26 a.m., during an interview, the Accreditation Coordinator (AC) stated the Emergency Department registered nurse (RN 2) put Patient (Pt) 5's prescription for "Stomatitis Lidocaine Suspension" (an oral solution used to treat mouth pain) in Pt 6's discharge packet, when Pt 6 left the facility. The AC stated, when Pt 6 tried to get the prescription filled, a pharmacist called the facility to report the error. The AC stated RN 2 did not verify the patient information prior to placing Pt 5's prescription in Pt 6's discharge packet.The Protected Health Information disclosed included Pt 5's name, birth date, medical record number, address, and telephone number.The hospital's policy and procedure, titled, "PHI, Use and Disclosure," dated 02/14, indicated, "...Policy: [Hospital name] and its employees are committed to protecting the privacy of patients' health information and to comply with applicable federal and state laws that protect the privacy and security of patients' health information." The hospital's policy and procedure, titled, "Confidentiality," dated 8/11, indicated, "...[Hospital's name] will maintain adequate administrative, technical and physical safeguards to protect the privacy of confidential information from unauthorized use or disclosure, whether intentional or unintentional..."
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights