Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VALLEY CHILDREN'S HOSPITAL
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on June 12, 2014. Also cited in 40 other reports.
Report ID: RPJQ11, California Department of Public Health
Reported Entity: CHILDRENS HOSPITAL CENTRAL CALIFORNIA
Issue:
Based on staff interview, clinical record, and administrative document review, the hospital failed to ensure confidential treatment of Patient 1 and 3's protected health information (PHI) when:1. Patient 1's PHI was faxed to a local company instead of his health care provider. (CA00401388)2. Patient 3's PHI was given to the father of Patient 2. (CA00401441)This failure resulted in unauthorized access to Patient 1 and 3's PHI and the potential for abuse of that information.Findings:CA00401388:1. On 6/12/14 at 3:50 p.m., during a telephone interview, the privacy officer (PO) stated that on 5/23/14 a hospital employee (Health Information Management Tech) faxed Patient 1's audiology (hearing) report to a local company instead of his health care provider. The PO stated the employee should have double checked the fax number before sending, but this was not done.Patient 1's PHI breached included his name, date of birth, address, medical record and account numbers, date of service, physician, and hearing test results.The hospital's policy and procedure titled, "Facsimile Machines" dated 8/11, indicated ". . . When confidential information is faxed to a destination number that is not pre-programmed, the fax machine operator shall be responsible for double checking the accuracy of the number in the machine's display before sending the fax. . . "CA00401441:2. On 6/12/14 at 4 p.m., during a telephone interview, the PO stated that on 5/5/14 an employee of the health information management vendor working on site, gave Patient 3's PHI to the father of Patient 2. The PO stated the employee should have double checked the paperwork before releasing it, but this was not done.Patient 3's PHI breached included her name, date of birth, address, phone number, medical record and account numbers, insurance company name and policy number, physician, date of service, history and physical, physician's progress notes, lab results, medications, and discharge summary.The hospitals's policy and procedure titled, "Confidentiality", dated 8/11, indicated ". . . It is the policy of [Hospital] to respect and protect the privacy rights of patients. their families, employees and third parties. All information that is deemed confidential by [Hospital] and/or by specific legal statutes shall be kept confidential and shall not be copied, electronically accessed, transmitted or removed from Hospital premises under any circumstances whatsoever, without the prior written consent of Hospital Administration. . .".
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights