Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
SONOMA VALLEY HOSPITAL
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on February 19, 2013. Also cited in 10 other reports.
Report ID: ZYJ011, California Department of Public Health
Reported Entity: SONOMA VALLEY HOSPITAL
Issue:
Based on interview and record review, the facility failed to prevent unauthorized access and disclosure of a patient's (Patient 1) protected health information, when some of Patient 1's medical information was faxed, along with Patient 2's record, to Another Facility. This failure allowed the unlawful or unauthorized access to Patient 1's protected health information.Findings:The California Department of Public Health was notified on 2/15/13 that a, "Breach of Protected Health Information (PHI)", occurred on 2/4/13.During an interview on 2/21/13 at 2 p.m., Administrative Staff B stated that, on 2/14/13 she had received, from Patient 2, a copy of Patient 1's Discharge Instruction Summary and Instructions which had been included in Patient 2's PHI fax to Another Facility. This information included Patient 1's name, patient identification number, diagnosis, and two physician's names, Review of the documentation sent, by Administrative Staff A, to the California Department of Health reveals that Unlicensed Staff C printed both electronic records, for Patient 1 and Patient 2, at the same time and did not double check the documents before faxing everything to fnother facility. Review of the facility Policy and Procedure for Confidentiality and Security reveals the following: "When sending or receiving confidential medical information, it is the duty of the facility to protect the confidentiality, and integrity of information as required by law, professional ethics, and accreditation requirements".Review on of the facility Policy and Procedure for Facsimile (Fax) Confidentiality and Security reveals the following: " When using the fax machine to send or receive a confidential medical information, it is the duty of (the facility) associates to protect the confidentiality, and integrity of information as required by law, professional ethics, and accreditation requirements".
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280