Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
LOMA LINDA UNIVERSITY MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on May 6, 2014. Also cited in 44 other reports.
Report ID: TL4D11.01, California Department of Public Health
Reported Entity: LOMA LINDA UNIVERSITY MEDICAL CENTER
Issue:
Based on interview, and record review, the facility failed to ensure a physician (MD 1) downloaded a list of 15 patients, that MD 1 had secured that list to ensure the confidential, protected health information (PHI) for all 15 patients while making rounds in the hospital. This breach of the 15 patients' PHI, placed the patrient's at risk of their information being viewed, and misused by unauthorized personnel.Findings:On May 6, 2014 at 11:00 AM, a phone interview was conducted with the Compliance Officer regarding an entity reported incident of a lost physician's list containing PHI for 15 patients. The Compliance Officer stated, "On March 18, 2014, MD 1 was making rounds throughout the facility. He had also gone back and forth to his car in the parking lot. When he went home that evening to input the patients' information remotely, he found his list was missing. He retraced his steps at both the hospital and parking lot, searched, his pockets, car and medical case, but could not find the list." MD 1 was unavailable for interview.On May 9, 2014 at 8:30 AM, an e-scanned (a document is scanned and then e-mailed) version of MD 1's patient list, and a copy of the HIPAA (health insurance portability and accountability act) that he had signed on March 6, 2011, were received. The list of patients contained the following: last name, first initial; diagnoses; length of stay; insurance type; and the service MD 1 had provided to each patient that day. The document indicated that MD 1's signature represented his understanding that it was his, "responsibility for complying with HIPAA requirements in his office practice."This failure to secure confidential patient information for 15 patients placed them at risk for identity theft, and for unauthorized person to access their PHI.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights