Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
EL CENTRO REGIONAL MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on February 26, 2013. Also cited in 38 other reports.
Report ID: MB1B11.01, California Department of Public Health
Reported Entity: EL CENTRO REGIONAL MEDICAL CENTER
Issue:
Based on interview, document and record review the hospital failed to ensure that one patient's (Patient A) personal and protected health information (PHI) was kept confidential.Findings:An on site investigation of an entity reported privacy breach was conducted on 2/26/13. An interview was conducted with the hospital's Privacy Officer (PO) on 2/26/13 at 8:50 A.M. The PO stated that Patient A was treated in the hospital's Emergency Department (ED) on 12/10/12. Since Patient A was a minor, he was brought to the ED by his father, who is a hospital employee. A few months earlier, on 10/22/12, another employee's child (Patient B) was also treated in the hospital's ED. On 1/11/13, a hospital Billing Clerk (BC) intended to mail Patient A's billing statement to his father. However, an envelope containing a letter to Patient A's father, a letter to Patient B's father, Patient A's itemized ED bill and an Employee Payroll Deduction Agreement were all inadvertently mailed to Patient B's father. The documents belonging to Patient A that were sent to Patient B's father contained the following information:Patient's NamePatient's Father's NameAddressAccount NumberAdmission DateDischarge DateItemized Charge Detail for Supplies and Equipment used in the EDOn 2/26/13 at 10:00 A.M., an interview was conducted with the BC responsible for mailing Patient A's personal and PHI to Patient B's father. The BC stated that she had printed out all the paper work she intended to mail that day. She thinks that when she picked up the letter to mail to Patient B's father, she must have accidentally picked up all the paper work intended to be mailed to Patient A's father. The BC further explained that when she folded the paper work to place in the envelope she never checked the patient name on the documents. A review of the hospital's policy and procedure, entitled "Access to and Maintenance of the Health Record" and dated 7/2/11, indicated that "All individuals engaged in the collection, handling or dissemination of patient health information should protect the confidentiality of patient data."During the interview with the BC, the BC acknowledged that she was not following hospital policy and procedure when she failed to apply reasonable safeguards to protect Patient A's personal and PHI.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights