Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
DOCTORS MEDICAL CENTER
Cited by the California Department of Public Health for violations of California’s Health and Safety Code relating to medical privacy during an inspection that began on February 15, 2012. Also cited in 64 other reports.
Report ID: ZSED11.01, California Department of Public Health
Reported Entity: DOCTORS MEDICAL CENTER
Issue:
Facility detected the Breach of Patient Health Information on 11/16/09.Facility reported the Breach of Patient Health Information to the Department on 11/30/09.Facility notified Patient A of the Breach of Patient Health Information on 11/25/09.Based on staff interview and review of facility documents, the facility failed to prevent the unauthorized disclosure of two Patient's (Patient's A and B) health information (PHI). A facility employee mixed up the results of Patient A and B's health screening exams and mailed them to the other patient. Additionally, the facility failed to report an incident of unauthorized disclosure of medical information for two Patients (Patient's A and B) to the Department within 5 calendar days.Findings:On 2/15/12 the facility's "Breach Investigation" report was reviewed. The report indicated that the breach was discovered on 11/16/09, when a patient contacted a facility employee in the "Community Relations Department" and notified them that she had received someone else's health screening exam results, which contained patient medical information. On 2/15/12 at 8:30 a.m., an interview was conducted with the "Business Development Coordinator" (BDC) who was responsible for mailing Patient A and B's health screening results to the wrong patient. The BDC stated that her role was to make copies of the screening exams and then mail them to the appropriate physician and patient. The BDC stated that she was responsible for a high number of exam results that are sent to her department for routing. On interview, the BDC stated that she was performing this function solely by herself and at times the exams and copies that had to be made became very voluminous. The BDC stated that she was disciplined after her mistake was discovered. The BDC stated that after that, "I revamped my process to streamline it and make it more accurate."The facility should have notified the department no later than five business days after detecting the possible breach. The department received a letter from the facility on 11/30/09, nine days after it should have been reported.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280