Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VALLEY CHILDREN'S HOSPITAL
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on January 24, 2014. Also cited in 40 other reports.
Report ID: RQJ111, California Department of Public Health
Reported Entity: CHILDRENS HOSPITAL CENTRAL CALIFORNIA
Issue:
Based on staff interview, clinical and administrative document review, the facility failed to keep Protected Health Information (PHI) confidential when:1) On 12/25/13 a discharge instruction packet, including prescriptions, for Patient 1 was given to Patient 2. (CA00382125)2) On 12/12/13 a copy of an X-ray for Patient 3 was given to Patient 4. (CA00381019)3) On 12/12/13 an appointment sheet for Patient 5 was given to Patient 6. (CA00381390)4) On 12/26/13 a discharge instruction packet, including prescriptions, for Patient 7 was given to Patient 8. (CA00382124)These failures resulted in unauthorized access to Patients 1, 3, 5, and 7's PHI and the potential for abuse of the PHI.Findings:CA003821251) On 1/24/13 at 1:47 p.m., the Accreditation Coordinator (AC) stated Registered Nurse 1 (RN1) gave the discharge instruction packet, including prescriptions, for Patient 1 to Patient 2. The AC stated that RN1 did not verify identification of the patient properly before giving the discharge instructions to Patient 1. RN1 should have checked each page of the discharge packet to verify it was being given to the correct patient.The PHI breached included Patient 1's name, date of birth, weight, sex, address, telephone number, medical record number, hospital account number, doctor's name and name of medication.The hospital Policy/Procedure Number PR-1016 dated 08/11 indicated, "it is the policy of [hospital] to respect and protect the privacy rights of patients, their families, employees, and third parties. All information that is deemed confidential by [hospital] and/or by specific legal statutes shall be kept confidential..."CA003810192) On 1/24/14 at 1:54 p.m., AC stated Orthopedic Technician (OT) gave a copy of an X-ray for Patient 3 to Patient 4. The AC stated that this error occurred as a result of the staff not verifying Patient 4's identification.The PHI breached included Patient 3's name, date of birth and medical record number.The hospital Policy/Procedure Number PR-1016 dated 08/11 indicated, "it is the policy of [hospital] to respect and protect the privacy rights of patients, their families, employees, and third parties. All information that is deemed confidential by [hospital] and/or by specific legal statutes shall be kept confidential..."CA003813903) On 1/24/2014 at 2:02 p.m., AC stated that Ambulatory Service Representative (ASR) gave an appointment sheet for Patient 5 to Patient 6 during checkout in the Orthopedic Clinic. The AC stated that the error occurred as a result of the employee failing to confirm the correct patient identification which includes name, date of birth, and verbal identification of the patient by the responsible party.The PHI breached included Patient 5's name, date of birth, and medical record number.The hospital Policy/Procedure Number PR-1016 dated 08/11 indicated, "it is the policy of [hospital] to respect and protect the privacy rights of patients, their families, employees, and third parties. All information that is deemed confidential by [hospital] and/or by specific legal statutes shall be kept confidential...".CA003821244) On 1/24/14 at 2:10 p.m. AC stated that Registered Nurse 2 (RN2) gave the discharge instruction packet, including prescriptions, for Patient 7 to Patient 8. The AC stated that RN2 did not verify identification of the patient properly before giving the discharge instructions. RN2 should have checked each page of the discharge packet to verify it was being given to the correct patient.The PHI breached included Patient 1's name, date of birth, weight, sex, address, telephone number, medical record number, hospital account number, doctor's name and name of medication.The hospital Policy/Procedure Number PR-1016 dated 08/11 indicated, "it is the policy of [hospital] to respect and protect the privacy rights of patients, their families, employees, and third parties. All information that is deemed confidential by [hospital] and/or by specific legal statutes shall be kept confidential..."
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights