Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
CLOVIS COMMUNITY MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on January 9, 2015. Also cited in 27 other reports.
Report ID: TH2J11, California Department of Public Health
Reported Entity: CLOVIS COMMUNITY MEDICAL CENTER
Issue:
Based on staff interview, clinical record, and administrative document review, the hospital failed to keep Protected Health Information (PHI) confidential when:1. Patient 1's "Summary of Care" report was given to Patient 2 upon discharge. (CA00422186)2. Patient 3's "Summary of Care" report was faxed to a doctor that was no longer involved in his care. (CA00423783)These failures resulted in not protecting the PHI for Patients 1, and 3 and had the potential for unauthorized use. Findings:CA004221861. On 1/9/15 at 9:52 a.m., during an interview, the Privacy Officer (PO) stated her office was notified by Patient 2 on 11/21/14, that she had received a "Summary of Care" report belonging to Patient 1, in addition to her own report. The PO stated Employee 1 did not check to make sure Patient 2 received the correct documents when she took them off the printer, and mistakenly gave both sets of documents to Patient 2. Patient 2 returned Patient 1's documents to the hospital and the documents were forwarded to Patient 1.The PHI breached included Patient 1's name, date of birth, address, phone number, gender, medical record number, and clinical information. The (Hospital) Policy and Procedure titled "HIPAA General Rules for the Use and Disclosure of PHI" dated 4/18/12, indicated "III. Guidelines: A. Protected Health Information and Records: 1. Protected health information includes any information received, created or maintained by ... in which the patient is ... identified, regardless of whether the information is in oral, paper or electronic form. I. Accurate Information: 1. It is the responsibility of all individuals who collect information from patients ... medical record ... to be as accurate and complete as possible." CA004237832. On 1/9/15 at 9:56 a.m., during an interview, the Privacy Officer (PO) stated on 12/8/14, Medical Doctor 1's office, reported receiving a faxed "Summary of Care" document that did not belong to any of their patients. The PO stated Employee 2 did not update Patient 3's Primary Care Physician information in the computer system and the document was subsequently faxed to a doctor who was no longer participating in Patient 3's care. The documents were destroyed by Medical Doctor office staff. The PHI breached included Patient 3's name, date of birth, gender, address, phone number, medical record number, account number, and clinical information.The hospital policy and procedure titled "HIPAA General Rules for the Use and Disclosure of PHI" dated 4/18/12, indicated "III. Guidelines: A. Protected Health Information and Records: 1. Protected health information includes any information received, created or maintained by ... in which the patient is ... identified, regardless of whether the information is in oral, paper or electronic form. I. Accurate Information: 1. It is the responsibility of all individuals who collect information from patients ... medical record ... to be as accurate and complete as possible."
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights