Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VALLEY CHILDREN'S HOSPITAL
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on September 5, 2014. Also cited in 40 other reports.
Report ID: TRU311, California Department of Public Health
Reported Entity: CHILDRENS HOSPITAL CENTRAL CALIFORNIA
Issue:
Based on staff interview, clinical record and administrative document review, the hospital failed to keep Protected Health Information (PHI) confidential when:1. Patient 1's newborn screening paperwork was given to Patient 2's family member. (CA00411344)2. Photographs of Patients 3 and 4 were posted on a social network site without a written consent signed by parents of the patients. (CA00411349)3. Patient 5's school release note was given to Patient 6's family member. (CA00411990).These failures placed Patient 1, 3, 4, and 5's PHI at a potential risk for unauthorized use.Findings:CA004113441. On 9/5/14 at 4:29 p.m., during an interview, the Accreditation Coordinator (AC) stated the Health Unit Coordinator (HUC) put Patient 1's newborn screening paperwork in Patient 2's chart. Registered Nurse (RN) 1 gave Patient 1's newborn screening paperwork to Patient 2's family member. The AC stated neither HUC or RN 1 verified the name on the newborn screening paperwork was the same name as on the chart. The AC stated RN 1 did not verify the name on the newborn screening paperwork against Patient 2's arm band prior to giving the paperwork to Patient 2's family member. The AC stated RN 1 should have reviewed the patient name on all paperwork using two verifiers prior to giving it to a family member.The PHI disclosed included Patient 1's mother's name, address, and medical record number.The hospital policy and procedure titled, "Confidentiality" dated 8/2011, indicated, "Policy. It is the policy of [hospital] to respect and protect the privacy rights of patients, their families, employees and third parties. All information that is deemed confidential by [hospital] and/or by specific legal statutes shall be kept confidential...."CA004113492. On 9/5/14 at 4:37 p.m., during an interview, the Accreditation Coordinator (AC) stated the Pediatric Care Technician (PCT) 1 posted photographs of herself with Patients 3 and 4 on a social network site. The AC stated the PCT had verbal permission of Patients 3 and 4's mothers, but had not received written permission as per hospital policy.The PHI disclosed included Patient 3 and 4's first name and photographs.The hospital policy and procedure titled, "Patient Pictures" dated 11/2012, indicated, "Policy.... 2. Images Created, Used or Disclosed for Purposes other than Diagnosis or Treatment. A.... 4) Prior to the taking of photographs or recording of any images Communications and Advocacy staff shall be responsible for obtaining from the the patient or his/her legal representative a fully completed and executed [hospital] 'Consent to Photograph and Publish/Authorization to Use and Disclose Health Information'... form. ...3. General Considerations....C. In all cases involving photography of patients which differ from Hospital policy, approval from [hospital] Privacy Officer shall be obtained prior to allowing any such photography...." The hospital policy and procedure titled, "Confidentiality" dated 8/2011, indicated, "Policy. It is the policy of [hospital] to respect and protect the privacy rights of patients, their families, employees and third parties. All information that is deemed confidential by [hospital] and/or by specific legal statutes shall be kept confidential...."CA004119903. On 9/5/14 at 4:42 p.m., during an interview, the Accreditation Coordinator (AC) stated Patient 5's school release note (a note provided by the hospital which indicates when a student may return to school and any activity restrictions) was given to Patient 6's family member by Registered Nurse (RN) 2. The AC stated RN 2 did not verify the name on the school release note against the name on the wristband of Patient 6. The AC stated RN 2 should have reviewed all documents using two verifiers.Patient 5's PHI breached included name, medical record number and account number.The hospital policy and procedure titled, "Confidentiality" dated 8/2011, indicated, "Policy. It is the policy of [hospital] to respect and protect the privacy rights of patients, their families, employees and third parties. All information that is deemed confidential by [hospital] and/or by specific legal statutes shall be kept confidential....".
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights