Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
COMMUNITY HOSPITAL OF SAN BERNARDINO
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on July 8, 2014. Also cited in 46 other reports.
Report ID: 7T1P11, California Department of Public Health
Reported Entity: COMMUNITY HOSPITAL OF SAN BERNARDINO
Issue:
Based on interview, and record review, the facility failed to ensure that a medical records clerk (Employee 1), verified the names on all documents mailed to Patient B. This failure, to verify the names on all documents mailed to Patient B, resulted in a form titled, "Birth Certificate Information", which contained the protected health information (PHI) for Patient A, to be mailed to Patient B in error.Findings:On August 4, 2014 at 10:40 AM, a phone interview was conducted with the Facility Privacy Officer (FPO) regarding an entity reported incident of a breach of PHI for Patient A. The FPO, stated, "On February 18, 2013, Patient B called and told the Director of Health Information Management (DHIM) that she (Patient B), had received Patient A's birth certificate information worksheet in the mail. The DHIM who was also the FPO at that time went to Patient B's home and picked up the document."The FPO further stated that, "Employee 1, who sent the information to Patient B, did not review or verify that all the information being sent to Patient B was the correct information for that patient, before placing it in the envelope."A copy of the "Birth Certificate Information" form mailed to Patient B, contained the PHI for both Patient A and Patient A's spouse's inclduing their: names, address, phone numbers, dates of birth, employment and prenatal information, as well as, the name, date and time of birth, weight and length of Patient A ' s newborn baby (Baby A).A review of facility policy and procedure titled, Protected Health Information (PHI), Transfer of", dated August 2012 indicated:"Policy: Employees of (Name of Facility) will protect the confidentiality of Protected Health Information (PHI) when releasing PHI.""4.0 Handouts/Mail""4.1.3-The first staff member will verify that all documents belong to the correct patient and do not contain any other patient ' s information.""4.1.4-The second staff member will independently verify that the documents belong to the correct patient and do not contain any other patient ' s information." The failure to protect Patient A's PHI, had the potential for the information to be used in identity theft, or in a manner not authorized by the patient.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights