Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
CLOVIS COMMUNITY MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on July 12, 2013. Also cited in 27 other reports.
Report ID: DHHU11, California Department of Public Health
Reported Entity: CLOVIS COMMUNITY MEDICAL CENTER
Issue:
Based on staff interview, clinical record and administrative document review, the hospital failed to keep Protected Health Information (PHI) confidential when:1. A prescription belonging to Patient 1 was given by staff to Patient 2. (refer to CA00341299)2. A lab request for a Newborn Screening Test (NST) belonging to Patient 3 was left in Patient 4's crib in error. (refer to CA00342739) These failures resulted in unprotected PHI for Patients 1 and 3 and had the potential for unauthorized use. Findings:Refer to CA00341299On 7/12/13 at 3:40 p.m., during a telephone interview, the Privacy Officer (PO) confirmed on 1/18/13, Patient 1's PHI had been breached when a prescription belonging to Patient 1 was given to Patient 2. This error was discovered on 1/21/13, when Patient 2 presented both her own prescription and Patient 1's prescription to the pharmacy. The pharmacist threw Patient 1's prescription away. On 1/21/13 at 9:44 a.m., Patient 2 contacted and informed the hospital this had occurred. The error was reported to the department on 1/25/13. Patient 1's PHI which was breached included the following: Name, date of birth, home address, telephone number, and new prescriptions. A certified mail receipt indicated on 1/25/13, Patient 1 was notified the breach had occurred. Refer to CA00342739On 7/12/13 at 3:50 p.m., during a telephone interview, the Privacy Officer (PO) confirmed on 1/31/13, Patient 3's PHI had been breached when a lab assistant left a form requesting a NBS (newborn screening) belonging to Patient 3 in Patient 4's crib. Patient 4's father found the form, realized it was not his baby's information and returned the form to the nurse's station. On 2/1/13, the PO became aware of the incident and the error was reported to the department on 2/7/13. Patient 3's PHI which was breached included the following: Baby's name, date of birth, birth weight, gestational age, medical record number, home address, mother's maiden name, mother's date of birth, last four digits of mother's social security number, telephone numbers, physician information, race, and primary language. A certified mail receipt indicated on 2/9/13, Patient 1's parents were notified the breach had occurred. The hospital's Policy and Procedure Number 12136 titled, "HIPAA [Health Insurance Portability and Accountability Act] General Rules for the Use and Disclosure of PHI," dated 4/18/12, "...It is the policy of [Hospital's identity] to protect the privacy and security of patient information...Protected Health Information includes any information received, created, or maintained by [Hospital's identity] in which the patient is or may reasonably be identified...[Hospital's identity] may only use or disclose PHI if: a the patient has given a valid authorization..."The hospital's Policy and Procedure Number 10001 titled, "Confidentiality/Breach of Information," dated 8/17/10, indicated, "...It is 'Hospital's identity] policy to protect the privacy and security of all patient, employee, and business information, and comply with applicable State and Federal laws and regulations."
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights