Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
COMMUNITY HOSPITAL OF SAN BERNARDINO
Cited by the California Department of Public Health for violations of California’s Health and Safety Code relating to medical privacy during an inspection that began on July 18, 2014. Also cited in 46 other reports.
Report ID: RETC11.02, California Department of Public Health
Reported Entity: COMMUNITY HOSPITAL OF SAN BERNARDINO
Issue:
Based on interview and record review, the facility failed to ensure the confidential treatment of Patient A's Protected Health Information (PHI), when a registered nurse (RN 1), inadvertently gave a "Patient's Valuables Envelope" that contained the personal belongings and PHI for Patient A, to Patient B, at time Patient B was discharged from the hospital on July 12, 2013. This resulted in a loss of Patient A's personal items and the unauthorized release of Patient A's PHI to Patient B. Findings:On July 31, 2014, at 8:50 AM, during a telephone interview with the Facility Privacy Officer (FPO), when asked how the breach occurred, she stated, "Patient B was going home and he was agitated and anxious for discharge. RN 1 retrieved a "Patient's Valuables Envelope" from the safe and gave it to Patient B without first verifying that the envelope or its contents belonged to Patient B. The FPO further stated that RN 1 inadvertently gave a "Patient's Valuables Envelope" that contained personal items and the PHI for Patient A to Patient B at the time Patient B was discharged from the facility."When asked how the facility became aware of the breach, the FPO stated, "On July 13, 2013 when the nurse was discharging Patient A from the facility, the nurse was unable to find Patient A's belongings. That is when it was realized that Patient A's belongings and PHI had been given to Patient B, who was discharged the day before, on July 12, 2013."When asked if the items belonging to Patient A were retrieved from Patient B, the FPO stated, "No, we were unable to locate Patient B or the items after discharge."Patient A's personal items, some of which contained PHI included: Name, Account number, Medical Record number, date of birth, physician ' s name Cell Phone, Ear phone, 3DS Players (Hand held consul) (Name of College) Identification Card Driver's License containing name, address, photo, date of birthA review of facility policy and procedure titled, "Safeguarding PHI and Sensitive Information, dated January 17, 2012, indicated:"1. Policy: It is the policy of (facility name) to provide appropriate access to its information based on a need-to-know basis while preserving it's confidentially and integrity. The (facility name) shall implement reasonable and appropriate administrative, technical, and physician safeguards required by the Confidentiality and Data Classification Policy."A review of the facility policy and procedure titled, "Patient Property" dated November 2001, indicated under the section titled, "4.0 Discharge":"4.3 Have patient verify all belongings are accounted for and obtain appropriate signatures froth the patient. Should the patient be unable or unwilling to sign, the staff person will write "patient unable" or "patient unwilling" in the patient signature area and have two (2) staff sign as witnesses."The failure of RN 1 to ensure the items given to Patient B upon discharge, resulted in the unauthorized release of Patient A's PHI.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights