Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
KAISER FOUNDATION HOSP SO SACRAMENTO
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on November 17, 2014. Also cited in 16 other reports.
Report ID: 17R711, California Department of Public Health
Reported Entity: KAISER FOUNDATION HOSP SO SACRAMENTO
Issue:
Based on staff interview and document review, the faclity failed to prevent an unauthorized disclosure of Patient 1's medical information when a hospital staff member dialed a fax number incorrectly and sent Patient 1's medical information to the unintended receiver.Findings: The Department received a self reported incident, dated 9/23/14, via e-mail of an unauthorized disclosure of Patient 1's medical information. During an interview with the Director of the Continuity of Care on 11/17/14 at 10:15 a.m., she stated that a patient care coordinator assistant needed to fax certain medical information of Patient 1 to a medical care group outside the facility. When the patient care coordinator assistant dialed the fax number, she mis-dialed the first several digits of the fax number and the medical information was sent to a tax advisory company instead. The tax advisory company immediately called the facility and informed them that they received Patient 1's medical information and would shred the documents. A review of Patient 1's documents revealed that there were 27 pages of records that were sent to the unintentional receiver. The following documents that were sent were as followed: Patient 1's "name, address, date of birth, medical record number, medical diagnoses, and a general description of the patient's medical condition." A review of the facility's policy titled Mitigation of Impermissible Uses and Disclosures of[Protected Health Information], dated 3/1/12, indicated the following: "Policy Statement: [The facility] must take action to reduce or eliminate, to the extent feasible, any known harm caused by an improper or unlawful use or disclosure of Protected Health Information (PHI) by [the facility] or its business associates..." Under "Scope/Coverage: The provisions of this policy apply to: ...All physicians, employees, and other workforce members..." Under "Provisions: ...If a...workforce member uses or discloses PHI in violation of [the facility's] policies and procedures...[the facility] must take reasonable steps as follow: End the violation; Evaluation the violation;...Reduce or eliminate the harmful effects, if any, resulting form the violation; Take steps to help prevent the violation from recurring..."
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280