Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
Adventist Medical Center
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on March 23, 2012. Also cited in 29 other reports.
Report ID: 9PFV11, California Department of Public Health
Reported Entity: ADVENTIST MEDICAL CENTER
Issue:
Based on staff interview, facility and administrative document review, the hospital failed to keep Protected Health Information (PHI) confidential when:1. Patient 1's laboratory report was mistakenly faxed to the office of a physician not associated with Patient 1's care.2. Patient 2's medical imaging report was mistakenly faxed to the office of a physician not associated with Patient 2's care.3. Patient 3's progress notes were mistakenly faxed to a private business without prior authorization. These failures placed the PHI for Patient 1, Patient 2 and Patient 3 at a potential risk for unauthorized use.Findings:Refer to CA002990331. On 3/27/12 at 10:40 a.m., Staff 1 (Privacy Officer) stated on 1/30/12 the hospital became aware of a possible privacy breach. The hospital's internal investigation revealed on 11/12/11 Staff 2 (Patient Registrar) mistakenly faxed Patient 1's laboratory report to the office of a physician not associated with Patient 1's care.On 3/27/12 at 10:45 a.m., Staff 1 stated the laboratory report contained Patient 1's name, date of birth, date of service, medical record number, account number and laboratory results.On 3/27/12 the facility policy and procedure number 1000.08.09 titled "Confidentiality of Protected Health Information" contained the following documentation: "Adventist Health is committed to protecting the privacy and security of protected health information (PHI)...It is the policy to maintain confidentiality for patients and employees at all times and under all circumstances. On 3/27/12 the facility's policy and procedure number 1000.03.14, titled "Faxing Patient Protected Health Information contained the following documentation: "It is the sender's responsibility to be aware of the content of the faxes they are sending, to exercise caution in faxing confidential information, and to take precautionary steps to: validate the fax number, key in correct fax number, confirm fax sent to correct fax number, as well as, request is appropriate and meets minimum necessary."Refer to CA003009682. On 3/27/12 at 10:40 a.m., Staff 1 stated on 2/23/12 the hospital became aware of a possible privacy breach. The facility's internal investigation revealed Patient 2's medical imaging report was mistakenly faxed to the office of a physician not associated with Patient 2's care. On 3/27/12 at 10:45 a.m., Staff 1 stated the medical imaging report contained Patient 1's name, date of birth, date of service, medical record number, account number and X-ray results.On 3/27/12 the facility policy and procedure number 1000.08.09 titled "Confidentiality of Protected Health Information" contained the following documentation: "Adventist Health is committed to protecting the privacy and security of protected health information (PHI)...It is the policy to maintain confidentiality for patients and employees at all times and under all circumstances. On 3/27/12 the facility's policy and procedure number 1000.03.14, titled "Faxing Patient Protected Health Information contained the following documentation: "It is the sender's responsibility to be aware of the content of the faxes they are sending, to exercise caution in faxing confidential information, and to take precautionary steps to: validate the fax number, key in correct fax number, confirm fax sent to correct fax number, as well as, request is appropriate and meets minimum necessary."Refer to CA003022473. On 3/27/12 at 10:40 a.m., Staff 1 stated on 2/7/12 the facility became aware of a possible privacy breach. The facility's internal investigation revealed on 2/3/12 Patient 3's progress notes was mistakenly faxed to an outside business. Staff 1 stated the facility was unable to identify exactly how the error occurred, On 3/27/12 at 10:45 a.m., Staff 1 stated the progress notes contained Patient 3's name, date of birth, date of service, medical record number, diagnosis, physical assessment, current medication and laboratory results.On 3/27/12 the facility policy and procedure number 1000.08.09 titled "Confidentiality of Protected Health Information" contained the following documentation: "Adventist Health is committed to protecting the privacy and security of protected health information (PHI)...It is the policy to maintain confidentiality for patients and employees at all times and under all circumstances. On 3/27/12 the facility's policy and procedure number 1000.03.14, titled "Faxing Patient Protected Health Information contained the following documentation: "It is the sender's responsibility to be aware of the content of the faxes they are sending, to exercise caution in faxing confidential information, and to take precautionary steps to: validate the fax number, key in correct fax number, confirm fax sent to correct fax number, as well as, request is appropriate and meets minimum necessary."
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights