Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
COMMUNITY HOSPITAL OF SAN BERNARDINO
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on July 5, 2014. Also cited in 46 other reports.
Report ID: IV5211.01, California Department of Public Health
Reported Entity: COMMUNITY HOSPITAL OF SAN BERNARDINO
Issue:
Based on interview and record review, the facility failed to ensure that a registered nurse (RN 1) faxed a document that contained the confidential patient information for Patient A to the correct insurance group.This resulted in a breach of Patient A's protected health information (PHI).Finding:On August 6, 2014 at 2:05 PM, a phone interview was conducted with the Facility Privacy Officer (FPO) regarding an entity reported incident of a breach of PHI for Patient A on July 5, 2013. The FPO stated, "That somewhere between July 5, 2013 and July 8, 2013 an audit of a document titled, "PHI Transfer Verification Log Case management", (a log that contained documentation of faxes sent by the case management department), was conducted by a case manager (Case Manager 1). Case Manager 1 noted during the audit, that RN 1 had faxed a document titled "Insurance - Initial Review" to the wrong insurance group for Patient A on July 5, 2013 in error."On August 6, 2014, a review of documentation that had been sent in error to the wrong insurance group by RN 1, included: Patient A's name, home address, home and work phone numbers, date of birth, age, account number, medical record number, location, diagnoses, name of insurance group and insurance group number as well as Patient A ' s emergency contact's name, home and work phone numbers,A review of the facility policy and procedure titled, "Confidentiality and Data Classification", dated January 17, 2013, it indicated: " Policy, C. Consistent Protection: Information must be protected in manner commensurate with its classification, regardless of where it resides, what form it takes, what technology was used to handle it, or what purpose(s) it serves."The failure of RN 1 to ensure the correct insurance group was chosen for Patient A, resulted in the unauthorized release of Patient A's PHI to an unintended third party via fax.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights