Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
REDLANDS COMMUNITY HOSPITAL
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on September 4, 2012. Also cited in 9 other reports.
Report ID: TXSZ11, California Department of Public Health
Reported Entity: REDLANDS COMMUNITY HOSPITAL
Issue:
Based on interview and record review, the facility failed to maintain confidential the protected health information (PHI)as defined in their policies and procedures (P&P) for Patient B, when his laboratory results were inadvertently mixed in with the laboratory results provided to Patient A upon discharge from the emergency room (ER). FindingsOn 9/4/12 at approximately 8:45 AM, an unannounced visit was made to the general acute care hospital (GACH) to investigate a self reported incident of a possible breach of PHI.During an interview with the facility privacy officer (FPO) at 9:15 AM, he stated, "On 8/23/12, the patient [Patient A] was being discharged from the ER, and was being given copies of his lab work. He did receive his own lab results but in addition, he inadvertently was given the lab work results for another patient [Patient B]. He [Patient A] returned the lab results to the hospital and I notified the other patient [Patient B] by letter.A review of the data that was received by Patient A belonging to Patient B included the following PHI:a. Patient B's nameb. Patient B's date of birth and agec. Patient B's location in the facilityd. The type of lab work ordered.e. Patient B's account number.f. The names of Patient B's primary and secondary physiciansg. Actual test results of which 14 out of the 32 entities fell into the abnormal range.The FPO indicated in his report, "[Name of GACH] adheres to these definitions which are covered throughout our privacy and security policies and procedures... Protected health information (PHI)- Any oral, written or electronic individually identifiable health information collected or stored by a facility. Individually identifiable health information includes demographic information and any information that relates to past, present or future physical or mental condition of an individual". The FPO further defined "Privacy breach" as, "The unauthorized and/or unlawful access to, use of, and /or disclosure of PHI..."Due to Patient B's PHI being inadvertently disclosed to Patient A, a privacy breach occurred.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights