Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
ADVENTIST MEDICAL CENTER - REEDLEY
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on August 23, 2013. Also cited in 18 other reports.
Report ID: IP7G11, California Department of Public Health
Reported Entity: ADVENTIST MEDICAL CENTER - REEDLEY
Issue:
Based on staff interview, clinical record, and administrative document review, the hospital failed to ensure confidential treatment of Patient 1 - 5's protected health information (PHI) when:

1. Patient 1's and Patient 2's PHI was faxed to a private home and not to their healthcare provider. (CA00363757)
2. Patient 3's and Patient 4's PHI was disposed of in an open trash bin. (CA00349935)
3. Patient 5's PHI was sent to the wrong provider. (CA00347419)

This failure resulted in unauthorized access to Patient 1 - 5's PHI and the potential for abuse of that information.

Findings:

CA00363757:

1. On 8/23/13 at 1 p.m., during a phone interview, the Privacy Officer (PO) stated on 7/29/13, a hospital employee (Licensed Nurse) faxed Patient 1 and Patient 2's PHI to a private home fax rather than to their healthcare provider. The PO stated the fax number should have been verified prior to the PHI being faxed but it was not.

Patient 1's PHI breached included her name, date of birth, medical record number, account number, physician, and date of service.

Patient 2's PHI breached included her name, date of birth, medical record number, account number, physician, and date of service.

The hospital's policy and procedure titled, "Faxing Patient Protected Health Information (PHI)" dated 11/28/12, indicated, "Confirm the fax number. a) Prompt caller or intended recipient to repeat the fax number when appropriate. b) Write "RB" next to sender's name (for repeat back). c) If repeat back can't be done, verify fax number by checking against current fax number list, physician directory (Medical Staff Office), phone book or on line yellow pages. Always call the recipient to confirm fax number when using phone directories or yellow pages. . . Verify number keyed with fax display and cover sheet, before sending."

CA00349935

2. On 8/23/13 at 1:30 p.m., during a phone interview, the PO stated on 3/28/13 the hospital received an anonymous call from someone who claimed that a carton of x-ray films had burst open while being transported for recycling and that films from the box had been disposed of in an open trash bin. The PO stated that the hospital had been in the process of digitizing x-rays and recycling the x-ray film. The PO stated the hospital investigated the claim and discovered that an unauthorized individual had gone into the fenced area at the recycling center and had removed the films from a bin waiting for recycling. A private investigator tracked down the anonymous caller and retrieved the films that had been taken.

Patient 3's PHI breached included his name, date of birth, and medical record number.

Patient 4's PHI breached included his name, date of birth, and medical record number.

The hospital's policy and procedure titled, "Compliance With Business Associate Requirements" revised 5/14/10 indicated, "Before the [hospital] may disclose protected information to a business associate, it must obtain satisfactory assurances that the business associate will appropriately safeguard the information. . . The business associate cannot use or disclose the information in any manner, which would not be permissible for the [hospital] under the rule."

CA00347419

On 8/23/13 at 2:30 p.m., during a phone interview, the PO stated on 3/14/13, during Patient 6's registration for outpatient lab work, the clerk entered the wrong provider's name on the form. PO stated, the registration information was not confirmed and Patient 6's PHI went to the wrong provider who notified the hospital of the breach.

Patient 6's PHI breached included her name, date of birth, address, phone number, social security number, medical record number, account number, Medicare number, family members, family member's addresses, family member's phone number, physician's name, lab results, and date of service.

The hospital's policy and procedure titled, "Faxing Patient Protected Health Information (PHI)" dated 11/28/12, indicated, "Confirm the fax number. a) Prompt caller or intended recipient to repeat the fax number when appropriate. b) Write "RB" next to sender's name (for repeat back). c) If repeat back can't be done, verify fax number by checking against current fax number list, physician directory (Medical Staff Office), phone book or on line yellow pages. Always call the recipient to confirm fax number when using phone directories or yellow pages. . . Verify number keyed with fax display and cover sheet, before sending."
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights