Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
LOMA LINDA UNIVERSITY MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on November 5, 2014. Also cited in 44 other reports.
Report ID: 4MQP11, California Department of Public Health
Reported Entity: LOMA LINDA UNIVERSITY MEDICAL CENTER
Issue:
Based on interview and record review the facility failed to ensure the confidential treatment of protected health information (PHI) for Patient A when Patient B received prescriptions written for Patient A at discharge from the emergency department, resulting in a breach of Patient A's PHI. Findings:During a phone interview with a Compliance Specialist (CS) on November 11, 2014 at 11:20 AM to investigate an entity reported incident of a breach of PHI for Patient A. The CS stated "that during discharge from the emergency department a nurse inadvertently gave the prescriptions of Patient A to Patient B." During a review of the prescriptions for Patient A, they contained PHI which included: Patient A's name, date of birth, age, gender, home address, phone number and medical record number. According to the CS's investigation summary "the mother of Patient B provided a statement that the information would not be retained or further disclosed and that the prescriptions would be returned by mail. To date the prescription form had not been received. " The facility's policy titled, "Operating Policy, Patient's Rights, Protection of Patient Privacy," dated May 2013, indicated, "1.1 All medical center employees, members of the medical staff, house staff, volunteers, faculty, and students, shall be responsible for maintaining confidentiality of patient information. This responsibility shall include personal observations, oral conversations, the designated record set and its contents, and any other electronically stored or written patient or patient - related data."The facilities policy titled "Operating Policy, Uses and Disclosures of Protected Health Information", dated July 2014, indicated, "6. The general rule for verification by Medical Center employees shall be as follows: 6.1, Employees shall establish the identity of individuals to whom the disclosed PHI to limit the possibility of unauthorized disclosures; 6.2, Prior to disclosing PHI, employees shall ask specific questions (e.g. date of birth, Social Security number, telephone number, or address) that could be answered only by the patient, the patients representative, or those individuals with legitimate business need. The facility's failure to maintain the confidentiality of Patient A's PHI resulted in the unauthorized access of Patient A's protected health information by Patient B.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights