Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
COMMUNITY HOSPITAL OF SAN BERNARDINO
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on March 5, 2015. Also cited in 46 other reports.
Report ID: JSOO11.01, California Department of Public Health
Reported Entity: COMMUNITY HOSPITAL OF SAN BERNARDINO
Issue:
Based on interview and record review, the facility failed to ensure Patient A's protected health information (PHI) was protected during transmission by a computer facsimile (fax) system. A case manager (Employee 1) faxed the PHI to Insurance Company 1 instead of Patient A's insurance company (Insurance Company 2). This failure resulted in a breach of Patient A's PHI because faxed electronic records were released without authorization to Insurance Company 1 for payment of services.
Findings include:
A phone interview was conducted with the Facility Privacy Officer (FPO), on March 5, 2015 at 3:25 PM, to investigate the breach of Patient A's PHI. When asked how the facility learned of the breach, the FPO stated the case management office received a voice-mail message from Insurance Company 1 stating they had shredded a document faxed to them.
During an interview with Employee 1, on March 6, 2015 at 8:35 AM, when asked about looking at the insurance payer, Employee 1 stated, "I normally only look at only the review screen which is the top portion of the computer data screen which is visible when I click and go from the review screen to fax. But in the future I will scroll down to look at the insurance payer." When asked if Employee 1 verified the fax address, "Yes, but I must have seen Insurance Company 1 instead of Insurance Company 2."
A record review of the facility's policy and procedure titled, "Protected Health Information (PHI), Transfer of", dated August 2012, indicated, "Fax machines/servers with pre-programming capabilities may be pre-programmed with the fax numbers of those recipients to whom PHI is frequently sent in order to minimize or avoid errors associated with misdialing. Pre-programmed fax numbers will be tested frequently to confirm they are still valid, no less than every six months. Confirmations of valid fax numbers will be maintained by the responsible department."
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights