Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
COMMUNITY HOSPITAL OF SAN BERNARDINO
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on October 1, 2012. Also cited in 46 other reports.
Report ID: VV2E11.01, California Department of Public Health
Reported Entity: COMMUNITY HOSPITAL OF SAN BERNARDINO
Issue:
Based on interview and record review, the facility failed to ensure that protected health information (PHI) for 3 patients (Patient A, B and C) was maintained in a confidential manner. Patients A and B had their PHI on an intravenous (IV) antibiotic (ABT) bag (antibiotics given through a tube in the vein) that was taken by a traveling registered nurse (RN), and seen by her roommate. Patient C's PHI was faxed between facilities, however, was never recovered. This placed the three patients at risk of not receiving necessary treatment.FindingsOn 10/1/12 at 2:00 PM, an investigation was initiated for two entity reported events as follows:a. Patient A and Patient B were to receive IV therapy with antibiotics. A traveling RN had taken their IV antibiotics home. According to the entity reported event, the RN's roommate found the IV bags and returned them to the facility.b. Patient C was a patient in a sister facility (general acute care hospital-GACH 2) emergency room (ER). Patient C had received a specialized cardiac test at the facility (GACH 1) and the physician at GACH 2 wanted to see the test results and requested they be sent by facsimile (FAX) to GACH 2 ER.During a phone interview with the facility privacy officer at GACH 1 on 10/1/12 at 1:00 PM she described the incidents as follows:a. "A man pulled up and told security guard that he had found the IV's in the refrigerator at home and stated, "I'm tired of her doing this!", and turned in two IV antibiotic bags. One was for Patient A (Ampicillin 2 GM in normal saline), and the second for Patient B (Pen G 2.5 million units in D5W). The pharmacist reviewed their record and found that the patients had received their prescribed medications from the emergency kit. Both patients were notified of the breach."b. "The ER RN at our facility did not follow protocol for faxing, and got a verbal report from the RN at GACH 2 of their ER fax number. The RN from our facility sent the fax to that number but it was never received. We tried to trace it but have been unable to locate where the fax was sent." Patient C was also notified of the breach.A review of the policy and procedure (P&P) titled, "Protected Health Information (PHI), transfer of , dated 8/12, indicated employees were to "complete a PHI facsimile test cover sheet and fax to the requesting party. " The receiving party is to then send back this sheet to confirm it was received. A second staff is to witness what is faxed and the fax number and enter it into the log which requires both signatures.The facility privacy officer confirmed that policy had not been followed to prevent a breach of PHI in either of these cases.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights