Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
CORONA REGIONAL MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on June 2, 2015. Also cited in 19 other reports.
Report ID: NG1S11, California Department of Public Health
Reported Entity: CORONA REGIONAL MEDICAL CENTER
Issue:
Based on staff interview and record review, the facility failed to prevent the unauthorized access and/or disclosure of Patient A's private health information (PHI), when a document containing Patient A's laboratory results was given to Patient B during discharge. This had the potential to result in the misuse of Patient A's private health information.Findings:On June 3, 2015, an investigation was conducted on this entity reported incident. On June 3, 2015, at 4 :30 p.m., the hospital Information Privacy Officer (IPO) was interviewed. The IPO stated an unauthorized disclosure of Patient A's laboratory results, was given to Patient B by the facility's discharge nurse. As the discharge nurse printed Patient B's discharge instructions, Patient A's laboratory results printed at the same time. Patient B had taken Patient A's laboratory results home. The discharge nurse was informed by a phone call from Patient B that he/she had received Patient A's PHI. The facility sent a hospital courier to pick up the information from Patient B.On June 3, 2015, a record review was conducted of a facility letter sent to Patient A dated, December 21, 2012. The Department was notified of the incident by letter the same day. The form indicated,..."Some of your protected health information was...disclosed to an unintended recipient. On December 19, 2012, a patient notified (the facility) that she received a copy of your laboratory report along with her discharge instructions, upon her discharge from (the facility). The patient who received your laboratory results in error called us, and a (facility) courier went to the patient's house and retrieved your laboratory results. Laboratory report included: Patient A's name, date of birth, age, sex, medical account number, medical record number, lab results, and treating physician." A review was conducted of the facility policy, "Overview of the Uses and Disclosures of Protected Health Information (PHI)," revised September 2013, indicated, under Safeguards: (The facility) must reasonably safeguard PHI:...from any intentional or unintentional use or disclosure that violates (corporate) or (facility) HIPPA (Health Insurance Portability and Accountability Act) policies...in order to limit incidental uses or disclosures."The facility failed to maintain Patient A's Private Health Information by giving laboratory results to the wrong patient, Patient B, during discharge without authorization from Patient A or Patient A's representative.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280