Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
COMMUNITY HOSPITAL OF SAN BERNARDINO
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on June 26, 2014. Also cited in 46 other reports.
Report ID: NLDB11.01, California Department of Public Health
Reported Entity: COMMUNITY HOSPITAL OF SAN BERNARDINO
Issue:
Based on interview and record review, the facility failed to ensure the confidential treatment of Patient B's protected health information (PHI), when an Emergency Department Registered Nurse (RN 1) released the discharge paperwork and prescription to Patient A, that contained the name, medical record number and date of birth for Patient B at the time Patient A was discharged from the emergency department (ED). This resulted in a breach of PHI for Patient B.Findings:On July 2, 2014 at 4:55 PM, a telephone interview was conducted with the Facility Privacy Officer (FPO) regarding an entity reported incident of a breach of PHI for Patient B, that occurred on April 3, 2013. The FPO stated "It looks like the ED physician selected the wrong patient name (Patient B), who was discharged, but not taken out of the ED computer system and entered discharge instructions (DCI) in Exit-Writer and prescriptions for Patient A. The physician or RN 1 did not double check the name on every page of the documentation before giving it to Patient A. " During a review of the documentation that had been given to Patient A, it was noted that the presciprtion was signed by a Physician's Assistant (PA-C) and the PHI breached included Patient B's name, medical record number and date of birth. A review of the facility policy and procedure titled, "Data Security Policy", dated January 2012 indicated:"The purpose of this policy is to implement certain aspects of (facility name) privacy principles and applicable federal and state laws in order to comply with the Health Insurance Portability and Accountability Act (HIPAA) and other federal and state laws governing protection of confidential information""3. Information or electronic data: entered into, received by, printed from, transmitted over or throught, processed by, stored on, or in any way involved with an electronic information asses, regardless of media"The failure to ensure all papers included in the discharge paperwork contained only Patient A's PHI resulted in the unauthorized release of Patient B's PHI to Patient A.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights