Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
COMMUNITY REGIONAL MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on September 19, 2014. Also cited in 62 other reports.
Report ID: WCRV11.01, California Department of Public Health
Reported Entity: COMMUNITY REGIONAL MEDICAL CENTER
Issue:
Based on staff interview and administrative document review, the hospital failed to keep Protected Health Information (PHI) confidential when:1. Patient 1's medical information was faxed to an unauthorized recipient. (CA00411413)2. Patient 2's medical record was mailed to an unauthorized recipient. (CA00411374)3. Patient 4's medical information was attached to a medical record belonging to someone else. (CA00411383)These failures resulted in not protecting the PHI for Patient's 1, 2 and 4 and had the potential for unauthorized use. Findings:CA004114131. On 9/19/14 at 10:05 a.m., during an interview, the Privacy Officer (PO) stated transition of care documents for Patient 1 were faxed to a Medical Doctor (MD) that was no longer caring for the patient. The PO stated the MD had previously cared for Patient 1, but was no longer supposed to be listed as Patient 1's doctor. The PO stated the admitting clerk should have updated Patient 1's list of doctors when Patient 1 was admitted.Patient 1's PHI breached included: name, date of birth, gender, address, medical record number, account number, and clinical information.The hospital policy and procedure titled, "HIPAA General Rules for the Use and Disclosure of PHI" dated 4/18/12, indicated "III. Guidelines: A. Protected Health Information and Records 1.Protected health information includes any information received, created or maintained by... in which the patient is... identified, regardless of whether the information is in oral, paper or electronic form. I. Accurate Information 1. It is the responsibility of all individuals who collect information from patients... medical record... to be as accurate and complete as possible."CA004113742. On 9/19/14 at 10:15 a.m., during an interview, the Privacy Officer (PO) stated Patient 2's medical record was inadvertently attached to Patient 3's medical record and mailed to Patient 3's doctor. The PO stated the Endoscopy Technician put both records in an envelope and mailed them to the doctor without checking to make sure the envelope contained only Patient 3's medical record.Patient 2's PHI breached included: name, medical record number, and pathology results.The (Hospital) Policy and Procedure titled, "HIPAA General Rules for the Use and Disclosure of PHI" dated 4/18/12, indicated "III. Guidelines: A. Protected Health Information and Records. 1. Protected health information includes any information received, created or maintained by... in which the patient is... identified, regardless of whether the information is in oral, paper or electronic form. I. Accurate Information 1. It is the responsibility of all individuals who collect information from patients... medical record... to be as accurate and complete as possible."CA004113833. On 9/19/14 at 10:30 a.m., during an interview, the Privacy Officer (PO) stated Patient 4's medical images were loaded onto a CD (compact disc) that also contained Patient 5's medical images and mailed to another health care facility. That other health care facility notified the PO that Patient 4 was not one of their patients and the images were received in error. The PO stated they were not able to determine which employee downloaded the images on the CD in error. Patient 4's PHI breached included: name, date of birth, medical record number, and images related to a procedure that was done on 7/1/11.The hospital policy and procedure titled, "HIPAA General Rules for the Use and Disclosure of PHI" dated 4/18/12, "III. Guidelines: A. Protected Health Information and Records indicated. 1. Protected health information includes any information received, created or maintained by... in which the patient is... identified, regardless of whether the information is in oral, paper or electronic form. I. Accurate Information 1. It is the responsibility of all individuals who collect information from patients... medical record... to be as accurate and complete as possible."
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights