Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VALLEY CHILDREN'S HOSPITAL
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on January 30, 2012. Also cited in 40 other reports.
Report ID: RTHO11, California Department of Public Health
Reported Entity: CHILDRENS HOSPITAL CENTRAL CALIFORNIA
Issue:
Based on staff interview and facility administrative document review the facility failed to keep Protected Health Information (PHI) confidential when:1. Patient 1's appointment letter was mistakenly given to Patient 2.2. Patient 3's school excuse note was mistakenly given to Patient 4.3. Patient 5's appointment letter and early language assessment document was mistakenly mailed to Patient 6.These failures placed Patient 1, Patient 3 and Patient 5's PHI at a potential risk for unauthorized use.Findings:Refer to CA00294628 1. On 1/30/12 at 3:10 p.m., Staff 1 (Privacy Officer) stated on 12/21/11 the facility identified a possible privacy breach. The facility's internal investigation revealed Patient 1's appointment letter was mistakenly given to Patient 2 during the discharge process. Staff 1 stated the facility's policy was to check the patient's identification band to ensure the right patient receives the right document. On 1/30/12 at 3:20 p.m., Staff 1 stated the appointment letter contained Patient 1's name, date of service, medical record number, account number, address and scheduled follow-up appointment.On 2/7/12 the facility policy and procedure number 1.1521, titled "PHI, Use and Disclosure" contained the following documentation: "Children's Hospital and its employees are committed to protect the privacy of patients' health information and to comply with applicable federal and state laws that protect the privacy and security of patients' health information." The facility policy and procedure number PR-1016, titled "Confidentiality" contained the following documentation: "Children's Hospital will maintain adequate administrative, technical and physical safeguards to protect the privacy of confidential information from unauthorized use or disclosure, whether intentional or unintentional."Refer to CA002951362. On 1/30/12 at 3:10 p.m., Staff 1 stated on 12/27/11 the facility identified a possible privacy breach. The facility's internal investigation revealed Patient 3's school excuse note was mistakenly given to Patient 4 during the discharge process. Staff 1 stated the facility's policy was to check the patient's identification band to ensure the right patient receives the right document. On 1/30/12 at 3:20 p.m., Staff 1 stated the school excuse note contained Patient 3's name, date of birth, date of service medical record number and account number.The facility policy and procedure number 1.1521, titled "PHI, Use and Disclosure" contained the following documentation: "Children's Hospital and its employees are committed to protect the privacy of patients' health information and to comply with applicable federal and state laws that protect the privacy and security of patients' health information." The facility policy and procedure number PR-1016, titled "Confidentiality" contained the following documentation: "Children's Hospital will maintain adequate administrative, technical and physical safeguards to protect the privacy of confidential information from unauthorized use or disclosure, whether intentional or unintentional."Refer to CA002958993. On 1/30/12 at 3:10 p.m., Staff 1 stated on 1/4/12 the facility identified a possible privacy breach. The facility's internal investigation revealed Patient 5's appointment letter and early language assessment document was mistakenly mailed to Patient 6. Staff 1 stated the facility's policy was to check the patient's identification band to ensure the right patient receives the right document. On 1/30/12 at 3:20 p.m., Staff 1 stated the appointment letter and early language assessment document contained Patient 5's name, date of birth, date of service, medical record number, speech pathologist report and scheduled follow-up appointment. The facility policy and procedure number 1.1521, titled "PHI, Use and Disclosure" contained the following documentation: "Children's Hospital and its employees are committed to protect the privacy of patients' health information and to comply with applicable federal and state laws that protect the privacy and security of patients' health information." The facility policy and procedure number PR-1016, titled "Confidentiality" contained the following documentation: "Children's Hospital will maintain adequate administrative, technical and physical safeguards to protect the privacy of confidential information from unauthorized use or disclosure, whether intentional or unintentional."
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights