Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
ALVARADO HOSPITAL MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on September 4, 2013. Also cited in 14 other reports.
Report ID: CPKC11, California Department of Public Health
Reported Entity: ALVARADO HOSPITAL MEDICAL CENTER
Issue:
Based on interview, document and record review the hospital failed to ensure that one patient's (Patient 1) personal and protected health information (PHI) was kept confidential and not disclosed to another physician (MD 1), who was not one of Patient 1's health care providers.Findings:An on site investigation of an entity reported privacy breach was initiated on 9/4/13 at 2:35 P.M. At that time, an interview was conducted with a Health Information Management Technician (HIMT). The HIMT explained that, on 7/23/13 a fax intended for Patient 1's Endocrinologist (MD 2), was transmitted via auto facsimile (fax) to a Pediatrician (MD 1).On 9/4/13 at 3;35 P.M., an interview was conducted with the Laboratory Information Systems Coordinator (LISC). The LISC stated that there are two physicians (MD 1 and MD 2) with the same name and address but different suite numbers. MD 1 is a Pediatrician and MD 2 is an Endocrinologist. The fax that was transmitted on 7/23/13 was intended for the Endocrinologist (MD 2). The LISC explained that a few months prior to the incident MD 2's fax number was changed in the computer to MD 1's fax number. But, there was no documentation as to why this change occurred. LISC did not recall making this change and she is the only one person who can access this information in the computer.A review of the faxed documents revealed that the documents contained the following personal and protected health information:1. Patient's name2. Account Number3. Sex4. Date of Birth5. Physician's Name6. Seven Laboratory Test Results A review of the laboratory's policy and procedure, entitled "LIS (Laboratory Information Systems) Change Request Form" and dated 8/8/12, indicated that "This policy and procedure provides a way to document in writing any request for modifications to the Laboratory Information System, as well as providing documentation of any action taken as a result of the request...It is required that all changes in the LIS system, be documented in a consistent fashion using the Laboratory Information System Database Change Request...The bottom half of the form is to be filled out by the LIS Manager reviewing the Change Request. All Change Request Forms are kept permanently on file within the laboratory."An interview was conducted with the Laboratory Director (LD) on 11/14/13 At 3:00 P.M. The LD stated that, normally, when the LISC makes a change in the fax number database she completes a Change request Form. However, the Change Request Form can not be found. The LD stated that the form should have been signed by him. The LD further explained that if the LISC did not fill out the Change request Form then she was not following laboratory policy and procedure. The LD acknowledged that neither he nor the LISC can supply documented evidence that the change in MD 2's fax number was approved by anyone.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights