Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
SAN RAMON REGIONAL MEDICAL CENTER
Cited by the California Department of Public Health for violations of California’s Health and Safety Code relating to medical privacy during an inspection that began on July 17, 2012. Also cited in 9 other reports.
Report ID: DH3911.02, California Department of Public Health
Reported Entity: SAN RAMON REGIONAL MEDICAL CTR
Issue:
Based on interview and record review, the hospital failed to protect the confidential medical information of five patients (Patients 2, 3, 4, 5, and 6) of seven patients reviewed. Patients 2, 3, 4, 5, and 6 ' s medical records were faxed to a private residence, instead of the Doctor ' s office. This failure caused patients loss of dignity and privacy, and placed them at risk for identity theft. Findings:Review on 7/17/12 of hospital policy "Confidentiality of Company Information", dated 1/1/93 and revised 1/1/09, showed that the policy instructed staff that employees are expected to maintain strict confidentiality concerning patients and that in no case should confidential information be conveyed to individuals outside the organization.Review on 7/17/12 of hospital policy "Know your Fax Facts! " , showed that the policy instructed staff that Protected health information (PHI) can be faxed for purpose of treatment, payment, or operations, and that if notified by phone call of a FAX going to the wrong person, immediately notify supervisor, always use a hospital cover sheet containing a confidentiality statement, alert the recipient that the fax is coming, be sure the receiving fax machine is in a secure area, repeat the fax number back to ensure you wrote it down correctly, never fax to non-secure locations such as hotels, office stores, etc.., Check the number you place in the fax machine before you press send and promptly remove documents from the fax machine.On 7/17/12, the CO (Compliance Officer) stated that on 9/2/11, the error was discovered when a private resident called to report that " seven sheets were accidently faxed to his home " and gave the fax number with a (562) area code. The CO explained that Cerner computer system had been recently repaired and that the technician had temporarily added a hub to help the system catch up on needed faxes. The Technician was from Dell the out of state company who services the Cerner computer system and did not realize that the added hub was a different area code which resulted in sending theses faxes to a wrong number sending the faxes to a private residence rather than a physician ' s office. The fax number for the Physician ' s Office was a (925) area code. Review on 7/17/12 of the faxed Patient records showed that the Cerner Computer System intended to send: the Immunology/Serology report of Patient 2 to the Physicians Office, and that the Immunology/Serology report included Patient 2 ' s name, date of birth, sex, medical record number, and information related to Hepatitis studies;the Imaging report of Patient 3 to the Physicians Office, and that the Imaging report included Patient 3 ' s name, date of birth, sex, medical record number, and information related to a chest x-ray;the Imaging report of Patient 4 to the Physicians Office, and that the Imaging report included Patient 4 ' s name, date of birth, sex, medical record number, and information related to an abdominal ultrasound and a pelvic ultrasound;the Chemistry report of Patient 5 to the Physicians Office, and that the Imaging report included Patient 5 ' s name, date of birth, sex, medical record number, and information related to routine chemistry and lipids lab results;the Imaging report of Patient 6 to the Physicians Office, and that the Imaging report included Patient 6 ' s name, date of birth, sex, medical record number, and information related to a lumbar spine x-ray.On 7/17/12, the ADQ (Administrative Quality Director) stated that she wasn ' t sure if there was any monitoring for breach of confidentiality by the hospital of the Cerner Computer system and that she would ask the Computer system analyst.On 7/18/12, the Nursing Director stated that she was unable to find the information requested concerning monitoring of the Cerner Computer system for confidentiality breaches.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights