Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
ALVARADO HOSPITAL MEDICAL CENTER
Cited by the California Department of Public Health for violations of California’s Health and Safety Code relating to medical privacy during an inspection that began on August 7, 2012. Also cited in 14 other reports.
Report ID: 7HVQ11.01, California Department of Public Health
Reported Entity: ALVARADO HOSPITAL MEDICAL CENTER
Issue:
Based on interview and record review, the hospital failed to safeguard protected health information (PHI) from unauthorized persons in accordance with their policies and procedures, for 1 of 1 sampled patients (Patient 1). Patient 1's transport slip containing confidential patient/health information was found commingled with Patient 2's discharge paperwork.Findings:On 7/17/12 at 11:15 A.M., the hospital reported to the Department that an unauthorized disclosure of Patient 1's confidential health information occurred when a radiology document (transport slip) was inadvertently left behind during a transport and was found commingled with another patient's (Patient 2) discharge paperwork.An interview with the Health Information Management (HIM) supervisor was conducted on 8/7/12 at 3:20 P.M. The supervisor stated that the hospital had received a phone call from Patient 1's caregiver, informing them that she was going through the patient's discharge paperwork when she came across a document belonging to Patient 2. She stated that it was identified that Patient 2's radiology transport slip was found commingled with Patient 2's discharge paperwork.A review of Patient 1's medical record was conducted on 8/7/12 at 3:30 P.M. Patient 1 was admitted to the hospital on 6/25/12, with a diagnosis that included bradycardia (abnormally slow heart action) and was discharged on 6/27/12, per the facesheet. Patient 1's transport slip contained the following confidential patient/health information: name, medical record number, account number, date of birth, sex, telephone number, last exam date, ordering physician name, attending physician name, transport date requested, date ordered, transport type, diagnosis, reason for exam, ordered procedures and a list of exams performed with their completion dates.A review of Patient 2's medical record was conducted on 8/7/12 at 3:30 P.M. Patient 2 was admitted to the hospital on 6/25/12, with a diagnosis that included altered level of consciousness and was discharged on 6/27/12, per the facesheet.An interview and joint document review with the lead transporter was conducted on 8/24/12 at 1:45 P.M. The transporter stated that during patient transports, they used the transport slips to help identify the correct patient for the correct procedure and transport to correct location. He acknowledged that he recalled transporting Patient 1 to his procedure and that the transport slip copy was his. He stated that he identified the transport slip as his because of a signature fold that he would make on all his patient transports. He acknowledged that he inadvertently left Patient 1's transport slip behind during the patient transport and did not know it had been found commingled with Patient 2's discharge paperwork until it was brought to his attention by the Director of Radiology (DOR).A review of the hospital's policy entitled "HIPAA Privacy Rule," revision date of 9/26/11, was conducted on 8/24/12. The policy indicated that protected health information may be disclosed when the individuals (or their personal representatives) request access to, or an accounting of disclosures of, or was part of an investigation by the Department of Public Health or other enforcement action. Per the same policy, it stipulated that disclosures of protected health information required the individual's written authorization and if they were not authorized there was a list of purposes or situations that allow a disclosure to occur: 1) To the individual;2) Treatment, Payment, and Health Care Operations;3) Opportunity to Agree or Object;4) Incident to an otherwise permitted use and disclosure;5) Public Interest and Benefit Activities; and 6) Limited data set for the purposes of research, public health or health care operationsAn interview and joint document review with the DOR was conducted on 8/24/12 at 2:15 P.M. The DOR stated that his lead transporter inadvertently left behind the transport slip that the radiology department staff used when transporting patients throughout the hospital for procedures or scans. He acknowledged that there was confidential patient information on the transport slips. He acknowledged that an unauthorized disclosure occurred when Patient 1's transport slip was found commingled with Patient 2's discharge paperwork.An exit conference was held with the Director of Health Information Management (DHIM) on 8/24/12 at 3:30 P.M. The DHIM acknowledged that the hospital's practice was to safeguard protected patient/health information and the HIPAA (Health Insurance Portability and Accountability Act- a law that restricts access to individuals' private medical information) Privacy Rule policy was implemented by all hospital staff.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights