Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VALLEY CHILDREN'S HOSPITAL
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on July 15, 2013. Also cited in 40 other reports.
Report ID: GPGS11, California Department of Public Health
Reported Entity: CHILDRENS HOSPITAL CENTRAL CALIFORNIA
Issue:
Based on staff interview, clinical record review, and administrative document review, the facility failed to ensure confidential treatment of Patient 1, 2, 4 and 6's protected health information (PHI) when:1. Patient 1's utilization review flow sheet was faxed to the incorrect insurance company. (CA00356395)2. Patient 2's patient label was put on Patient 3's discharge instructions. (CA00350711)3. Patient 4's prescription was given to Patient 5. (CA00348611)4. Patient 6's utilization review flow sheet was faxed to the incorrect insurance company. (CA00348614)These failures placed Patient 1, 2, 4 and 6's PHI at a potential risk for unauthorized use.Findings:CA003563951. On 7/15/13 at 1:53 p.m., during an interview, Accreditation and Regulatory Compliance Manager (ARCM) stated Case Manager (CM) 1 faxed Patient 1's utilization review flow sheet to an incorrect insurance company. She stated CM 1 should have verified the insurance company before sending the fax but did not. Patient 1's PHI breached included patient name, birth date, home address, guarantor information, date of service, medical record number, diagnosis and medication. The hospital's Policy/Procedure AD-5015 titled, "Facsimile Machines", dated 08/11, indicated "... All individuals using a facsimile machine to transmit either patient or organizational information will be accountable for ensuring that the information is transmitted to the appropriate destination.The hospital's Policy/Procedure PR-1033, titled, "PHI, Use and Disclosure", dated 12/10, indicated "... [Hospital] and its employees are committed to protect the privacy of patients' health information and to comply with applicable federal and state laws that protect the privacy and security of patients' health information."CA003507112. On 7/15/13 at 2:07 p.m., during an interview, Accreditation and Regulatory Compliance Manager (ARCM) stated Registered Nurse (RN) 1 affixed Patient 2's patient label to Patient 3's discharge instructions. She stated RN 1 did not check patient label on discharge instruction against wristband on Patient 3. Patient 2's PHI breached included the patient name, date of birth, dates of service, medical record number, and account number.The hospital's Policy/Procedure PR-1033, titled, "PHI, Use and Disclosure", dated 12/10, indicated "... [Hospital] and its employees are committed to protect the privacy of patients' health information and to comply with applicable federal and state laws that protect the privacy and security of patients' health information."CA003486113. On 7/15/13 at 2:10 p.m., during an interview, Accreditation and Regulatory Compliance Manager (ARCM) stated Patient 4's prescription was given to Patient 5's family member during the discharge process. She stated RN 2 did not verify the name on the prescription was to Patient 5's wristband. Patient 4's PHI breached included the patient's name, date of birth, home address, sex, weight, medical record number, and medication prescribed.The hospital's Policy/Procedure PR-1033, titled, "PHI, Use and Disclosure", dated 12/10, indicated "... [Hospital] and its employees are committed to protect the privacy of patients' health information and to comply with applicable federal and state laws that protect the privacy and security of patients' health information."CA003486144. On 7/15/13 at 2:15 p.m., during an interview, Accreditation and Regulatory Compliance Manager (ARCM) stated CM 2 faxed Patient 6's utilization review flow sheet to an incorrect insurance company. She stated CM 2 should have verified the insurance company before sending the fax but did not.Patient 6's PHI breached included the patient name, birth date, home address, guarantor information, date of service, medical record number, diagnosis and medication. The hospital's Policy/Procedure AD-5015 titled, "Facsimile Machines", dated 08/11, indicated "... All individuals using a facsimile machine to transmit either patient or organizational information will be accountable for ensuring that the information is transmitted to the appropriate destination..."The hospital's Policy/Procedure PR-1033, titled, "PHI, Use and Disclosure", dated 12/10, indicated "... [Hospital] and its employees are committed to protect the privacy of patients' health information and to comply with applicable federal and state laws that protect the privacy and security of patients' health information."
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights