Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
EL CENTRO REGIONAL MEDICAL CENTER
Cited by the California Department of Public Health for violations of California’s Health and Safety Code relating to medical privacy during an inspection that began on January 17, 2013. Also cited in 38 other reports.
Report ID: WCH411.02, California Department of Public Health
Reported Entity: EL CENTRO REGIONAL MEDICAL CENTER
Issue:
Based on observation, interview, and record review, the hospital failed to safeguard protected health information (PHI- is any information about health status, provision of health care, or payment for health care that can be linked to a specific individual) from unauthorized person(s) in accordance with their policies and procedures, for 4 of 4 sampled patients (Patient 1, Patient 2, Patient 3 and Patient 4). Confidential patient information found on radiology films (x-rays - a quick, painless test that produces images of the structures inside your body, particularly the bones) belonging to Patient 1, Patient 2, Patient 3 and Patient 4 were inadvertently given to the wrong person (unintended recipient).Findings: On 1/16/13 at 4:29 P.M., the hospital reported to the Department that an unauthorized disclosure of confidential patient information occurred when x-ray films belonging to four different patients were given to the wrong patient in the Emergency Department (ED).A review of the x-ray films were conducted with the Privacy Officer on 1/17/13 at 1:35 P.M. The x-ray films contained the following confidential patient information: patient's name, medical record number, date of birth, print date and what part of the body was x-rayed.On 1/17/13 at 1:50 P.M., a tour of the radiology department was conducted with the Privacy Officer and an ultrasound technician (UT 1). The printer and its area where x-ray films were generated upon request by patients or physicians were observed.A telephone interview with the patient transport associate (PTA 1) for medical imaging was conducted on 2/6/13 at 1:45 P.M. PTA 1 stated that he recalled printing x-rays for a patient in the ED on 1/13/13. He stated that he did not verify the patient's name on each of the x-ray films that he printed. He said there would have been a total of 6 x-ray films. He explained that he picked up the first x-ray film from the stack of x-rays that were on the printer, confirmed that the correct patient's name was on the film, grabbed them all and placed them in a checkout jacket. He acknowledged that he did not follow the hospital's policy with regards to safeguarding x-ray films/images and ensuring they were released to the intended recipient. A review of the hospital's policy entitled "Imaging Films, Ownership and Checkout of", last review date of 1/29/13, was conducted on 2/7/13. The policy indicated that "All films and images released will be individually and visually inspected to ensure the correct films are released to the patient/physician."A review of the hospital's policy entitled "Access to and Maintenance of the Health Record", last review date of 7/21/11 was conducted. The policy stipulated that "All individuals engaged in the collection, handling or dissemination of patient health information should protect the confidentiality of patient data." Per the same policy, it indicated that "The collection of any data relative to a patient whether by interview, observation or review of documents shall be conducted in a setting, which provides maximum privacy and protects the information from being accessed by an unauthorized individual." A telephone interview with the Director of Imaging Services (DIS) was conducted on 2/8/13 at 10:07 A.M. The DIS stated that the staff in medical imaging were responsible for checking each individual image or film to verify that the correct patient's name was on the images that were printed prior to placing them in a checkout jacket for the intended recipient. She acknowledged that PTA 1 should have checked each individual x-ray (film) to verify the patient's name and to ensure that the confidential patient films were released to the intended recipient. She also acknowledged that when the hospital's policy was not implemented as written, it resulted in the occurrence of an unauthorized disclosure of confidential patient information.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights