Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
ST BERNARDINE MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on July 31, 2013. Also cited in 41 other reports.
Report ID: ID5V11.01, California Department of Public Health
Reported Entity: ST BERNARDINE MEDICAL CENTER
Issue:
Based on interview and record review, the facility failed to ensure the confidential treatment of protected health information (PHI) for Patient A, when mail containing Patient A's PHI was mailed to an unauthorized recipient. FINDINGS:On February 26, 2013, at 10:00 AM, during a visit to the facility, an interview was conducted with the facility privacy officer (FPO) to investigate an entity reported incident of a possible breach of Patient A's PHI.On July 31, 2013, a review was conducted of the entity reported incident. The Facility investigation was reviewed which revealed that on October 18, 2012, the facility was made aware that Patient A's billing statement had been sent in error to an old address, in which Patient A no longer resided. The facility investigation further revealed that during an Emergency Department admission, Employee A failed to update Patient A's outdated previous address in the database, even though the new address had been provided. As a result an itemized billing statement was mailed to the incorrect address, which happened to be a family member. Patient A's PHI, mailed to an unauthorized individual, consisted of the following: Patient A's name, grandmothers name, physician's name, date of service, place of service, type of service, test done, pharmaceuticals ordered, total charges, total payments, insurance company name, insurance ID number. On August 14, 2013, at 12:45 PM, during a phone interview was conducted with FPO, who confirmed the incident. She provided no additional explanation or documentation regarding this incident. The Facility failed to protect patient rights regarding maintaining the privacy and confidentiality of patient PHI, which resulted in Patient A being placed at risk of identity theft, when a bill containing Patient A's PHI was mailed to an unauthorized, unintended recipient.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights