Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
KAISER FOUNDATION HOSPITAL-MORENO VALLEY
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on November 30, 2012. Also cited in 13 other reports.
Report ID: 103V11.01, California Department of Public Health
Reported Entity: KAISER FOUNDATION HOSPITAL-MORENO VALLEY
Issue:
Based on interview, record and facility policy review, the facility failed to prevent unauthorized disclosure of Patient A's Protected Health Information (PHI). This failure had the potential to result in misuse of private information.Findings:On November 30, 2012, at 1:30 p.m., the Director of Accreditation, Regulation, and Licensing (DARL), was interviewed. The DARL stated the facility received an anonymous phone call on October 15, 2012, to inform them of a potential breach. The caller stated that an employee of the facility had used a social networking site (Facebook), to post that "[Patient 1's name] was in the house," referring to the fact that the patient was currently at the facility. The allegation was handed off to Compliance and Human Resources (HR) to investigate.In a concurrent interview with the Emergency Department Manager (EDM), she stated the employee was off work, and in the ED with her daughter when she posted her location. The employee then posted that another patient (Patient 1), that frequented the ED was also currently in house. The EDM stated the post was visible on the web site for a couple days before the employee deleted it. The EDM stated three witnesses confirmed the posting of the patient's name and the employee admitted she posted Patient 1's name.A review of Employee 1's file revealed a "Corrective Action Process - Level 5: Termination." The detailed explanation indicated, "It was alleged and confirmed that [Employee 1] inappropriately disclosed patient information on a social media site... Witnesses confirmed that [Employee 1] posted [Patient 1's] name on Facebook and indicated that he was 'in the house'... In conclusion, the information gathered at the investigatory meeting and subsequent investigation indicates that you have violated the patient's PHI" (Protected Health Information).The facility policy titled, "Obligations regarding Confidentiality," dated July 5, 2012, was reviewed. The policy indicated, "Employees are required to protect confidential patient, member, personnel and business information from unauthorized access, use, or disclosure."
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280