Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
COMMUNITY REGIONAL MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on April 6, 2012. Also cited in 62 other reports.
Report ID: 2S3K11, California Department of Public Health
Reported Entity: COMMUNITY REGIONAL MEDICAL CENTER
Issue:
Based on staff interview, clinical record and administrative document review the hospital failed to keep Protected Health Information (PHI) confidential when Patient 1's medical records were faxed to an incorrect home health agency instead of the intended home health agency.This failure placed Patient 1's PHI at potential risk for unauthorized use.Findings:On 5/15/12 at 10:05 a.m., Staff 1 (Privacy Officer) stated on 3/14/12 the hospital became aware of a possible privacy breach. The facility's internal investigation revealed Staff 2 (Case Manager) mistakenly faxed Patient 1's medical records to a health care agency that was not associated with Patient 1's care. Staff 1 stated the fax contained Patient 1's facesheet, physician orders and history and physical. Staff 1 stated it was Staff 2's responsibility to ensure PHI was faxed to the correct destination.On 5/23/12 at 4:15 p.m., the misdirected medical records were reviewed and contained Patient 1's name, date of birth, date of service, address, phone number, guarantor, medical record number, account number, attending physician, physical examination, medical imaging results, diagnosis, medications, allergies, medical history, social history and family history. On 5/23/12 the hospital's policy and procedure, number 12136, titled "HIPPA General Rules for the Use and Disclosure of PHI," dated 11/16/09, contained the following documentation: It is the policy of [hospital] to protect the privacy and security of patient information and to comply with applicable laws and regulations. ...PHI includes any information received, created, or maintained by the facility in which the patient is or may reasonably be identified, regardless of whether the information is in oral, paper, or electronic form."The hospital's policy and procedure, number 12108, titled "Facsimile Transmission of Health Information," dated 7/26/10, contained the following documentation: "Staff members faxing patient information shall take reasonable steps to ensure that the fax transmission is sent to the appropriate destination."
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights