Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VALLEY CHILDREN'S HOSPITAL
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on March 13, 2012. Also cited in 40 other reports.
Report ID: EK7F11, California Department of Public Health
Reported Entity: CHILDRENS HOSPITAL CENTRAL CALIFORNIA
Issue:
Based on staff interview, facility and administrative document review the facility failed to keep Protected Health Information (PHI) confidential when:1. Patient 1's PHI was faxed to an outside business in error.2. Patient 2's Prescription was mistakenly given to Patient 3.This failure placed Patient 1 and Patient 2's PHI at a potential risk for unauthorized use.Findings:Refer to CA00298647 1. On 3/8/12 at 10:10 a.m., during an interview, Staff 1 (Privacy Officer) stated on 1/27/12 the facility was notified of a possible privacy breach. The facility's internal investigation revealed Patient 1's PHI was faxed to the Kern County Jail in error.On 3/8/12 at 10:10 a.m., during an interview, Staff 1 stated the PHI consisted of an evaluation form and patient demographics that contained Patient 1's name, date of birth, date of service, medical record number, account number, attending physician, and clinical information regarding Patient 1's Diabetes. The facility policy and procedure number PR-1016, titled "Confidentiality" contained the following documentation: "It is the policy to respect and protect the privacy rights of patients. All information that is deemed confidential [by Facility] ...shall be kept confidential. [Facility] will maintain adequate administrative, technical and physical safeguards to protect the privacy of confidential information from unauthorized use or disclosure, whether intentional or unintentional..."The facility policy and procedure AD-5015, titled "Facsimile Machines" contained the following documentation: "Proper and cautious use of facsimile machines is essential to protect ...confidentiality... When confidential information is faxed to a destination number that is not pre-programmed, the fax machine operator shall be responsible for double checking the accuracy of the number in the machine's display before sending the fax. ....staff are strongly encouraged to follow-up the transmission with a telephone call to confirm that the receiving party did, in fact, receive the facsimile." Refer to CA00300708.2. On 3/8/12 at 10:10 a.m., during an interview, Staff 1 (Privacy Officer) stated on 2/15/12 the facility was notified of a possible privacy breach. The facility's internal investigation revealed that during the discharge process Patient 2's prescription was mistakenly given to Patient 3. Staff 1 stated it was the facility policy for staff to check each patients identification band to ensure the right patient receives the right documents.On 3/8/12 at 10:10 a.m., during an interview, Staff 1 stated the prescription contained Patient 2's name, date of birth, date of service, and medication prescribed. The facility policy and procedure number PR-1016, titled "Confidentiality" contained the following documentation: "It is the policy to respect and protect the privacy rights of patients. All information that is deemed confidential [by Facility] ...shall be kept confidential. [Facility] will maintain adequate administrative, technical and physical safeguards to protect the privacy of confidential information from unauthorized use or disclosure, whether intentional or unintentional..."
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights