Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
KAISER FOUNDATION HOSPITAL - SACRAMENTO
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on September 10, 2014. Also cited in 12 other reports.
Report ID: Y80L11, California Department of Public Health
Reported Entity: KAISER FOUNDATION HOSPITAL - SACRAMENTO
Issue:
Based on observation, interviews and document and Policy & Procedure review, the facility failed to prevent unauthorized access to Patient B & C's Protected Health Information (PHI) when it was given to Patient A upon discharge from the facility. This information also contained names addresses and social security numbers which had the potential to compromise Patient B & C's PHI.Findings:On 7/9/14, at 8:00 p.m., Patient A was being discharged from the Emergency Department (ED) in the company of her Responsible Party (RP). The RP notified the Department that during the process of discharge an unknown employee came into the room with a handful of paperwork. While sorting through the paperwork the employee said she wanted to make sure she had the right patient. Later the RP removed the papers from Patient A's purse and found PHI and social security information, addresses ad medicare information for Patients B & C. The RP notified the facility of the breach the next day, 7/10/14.On 9/11/14 at 9:17 a.m., concurrent interviews were conducted with the Director of Accreditation, Regulations & Licensing (ARL) and the Assistant Nurse Manager (ANM) of the ED. Both acknowledged the breach and stated that through multiple interviews of staff of including MDs. RNs and ED techs that they were unable to ascertain who the employee may have been, as the paperwork with this PHI would not be utilized in the ED setting. In an interview with the the ED Director on this same date, she stated that employees beyond the ED were also interviewed about this issue. The ED Director stated that other MDs, clerical staff, Patient Care Coordinators and other RN's were also interviewed and no one could identify the unknown employee.A review of the facility Policy & Procedure titled Obligations Regarding Confidentiality, effective date 7/5/12. The Policy indicated in 1.0, Policy Statement; Employees are required to protect confidential patient, member, personnel and business information from unauthorized access, use or disclosure.In 2.0, Purpose; the purpose of this policy is to establish employees' confidentiality obligations. And in 3.0, Scope/Coverage; This policy applies to all facility employees... .Under 4.0, Definitions, 4.3 Disclosure means releasing, transferring, giving access or divulging confidential information ... to individuals who have no business reason to receive the information.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280