Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
KERN MEDICAL CENTER
Cited by the California Department of Public Health for violations of California’s Health and Safety Code relating to medical privacy during an inspection that began on July 15, 2014. Also cited in 23 other reports.
Report ID: 5VGI11.01, California Department of Public Health
Reported Entity: KERN MEDICAL CENTER
Issue:
Based on interview and record review, the facility failed to report inadvertent disclosure of one patient's (Patient B) medical information no later than five business days of its detection. The date of this event was on 7/1/14; detected by the pharmacy department on 7/1/14; and was reported to the Department on 7/11/14, resulting in a two-day delay.Findings:During a review of the initial breach report dated 7/11/14, a pharmacist (Pharm 1) informed the Quality Department Registered Nurse (RN 1), on 7/7/14, of an incident on 7/1/14, when a patient (Patient A) returned the bottle of prescribed medication sent home with her/him but had Patient B's label (name, medication and prescription number) affixed on the bottle. During an interview with RN 1, on 7/15/14, on 12:18 PM, she stated a pharmacist (Pharm 2) filled Patient A's prescription and erroneously affixed Patient B's label on the bottle. A pharmacy technician (Tech 1) handed the bottle to Patient A on 7/1/14. RN 1 stated Patient A discovered the bottle of medication had another patient's label affixed on it so he returned the bottle to the pharmacy on the same day. During a subsequent interview with RN 1, on 7/16/14 at 9:32 AM, she was informed of the two-day delay in reporting within the required timeframe. She stated Pharm 1 did not report this incident until 7/7/14; and Pharm 1 had been informed of his reporting obligation. The facility policy and procedure titled "Privacy Breach Notification Regulations" effective date September 2013, read in part: "...V. PROCEDURE B. 4. Timeline for Reporting b) A breach is treated as discovered [sic] KMC as of the first day on which such breach is known, or by exercising reasonable diligence would have been known, to any person, other than the person committing the breach, who is a workforce member or agent of KMC. VII. EDUCATION: A. KMC staff and Business Associates will be trained of the importance of timely reporting of privacy and security incidents so that KMC may fulfill the breach notification obligations within the required timeframe."
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280