Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
SAN RAMON REGIONAL MEDICAL CENTER
Cited by the California Department of Public Health for violations of California’s Health and Safety Code relating to medical privacy during an inspection that began on April 24, 2013. Also cited in 9 other reports.
Report ID: F4QC11.02, California Department of Public Health
Reported Entity: SAN RAMON REGIONAL MEDICAL CTR
Issue:
A Civil Money Penalty in the amount of $700 was assessed as a result of the investigation: Penalty Number: 02009879California Health and Safety Code Section 1280.15(b)(1)(c)(b)(1) A clinic, health facility, agency, or hospice to which subdivision (a) applies shall report any unlawful or unauthorized access to, or use or disclosure of, a patient's medical information to the Department no later than five days after the unlawful or unauthorized access, use, or disclosure has been detected by the clinical, health facility, agency, or hospice.(c) If a clinic, health facility, agency, or hospice to which subdivision(a) applies violates subdivision (b), the Department may assess the licensee a penalty in the amount of one hundred dollars ($100) for each day that the unlawful or unauthorized access, use, or disclosure is not reported, following the initial five-day period specified in subdivision (b). However, the total combined penalty assessed by the Department under subdivision (a) and this subdivision shall not exceed two hundred fifty thousand dollars ($250,000) per reported event.Based on interview and record review, the facility failed to notify the Department of a medical breach within five business days from the first day the breach was detected on 12/21/12. One staff member sent records for Patient 1 to a receiving hospital with Patient 2 during transfer. Findings:Patient 1 was admitted to the Emergency Department on 12/21/12. Patient 2 was transferred out of the Emergency Department to another Acute Care Hospital on 12/21/12. Staff 1 included some of Patient 1's medical records in the transfer paperwork sent with Patient 2 to the receiving facility.During an interview on 4/24/13 at 3:00 p.m., the Compliance Officer (CO) stated that Staff 1 inadvertently included part of Patient1's clinical record in transfer documents sent to another hospital with Patient 2. The error was discovered on 12/21/12 when the receiving hospital notified the facility. Staff 3 waited for Staff 4 to return from vacation before sending the CO an email regarding the breach on 12/28/13. The CO was also on vacation and did not receive the email until 1/2/13. The CO notified the Department of the breach on 1/4/13.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280