Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
LOMA LINDA UNIVERSITY MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on May 29, 2015. Also cited in 44 other reports.
Report ID: 2ZX911.01, California Department of Public Health
Reported Entity: LOMA LINDA UNIVERSITY MEDICAL CENTER
Issue:
Based on interview and record review the facility failed to ensure the confidential treatment of protected health information for Patient A, when Patient B was given a laboratory order that belonged to Patient A, resulting in a breach of Patient A's confidential health information.During a phone interview on June 29, 2015 at 8:30 AM, with Privacy Security Compliance Specialist (PSCS) when asked which employee gave Patient B the laboratory orders for Patient A,the PSCS said," I don't know."During a phone interview conducted on July 1, 2015 at 4:05 PM, with the Patient Care Surgical Oncology Supervisor (PCSOS) when asked the discharge process the PCSOS stated," The physician tells them which patient is going to be discharged and one of the nurses will discharge the patient. Each clinic was staffed with one registered nurse and one licensed vocational nurse, on that particular day. On April 30, 2015, there were two licensed vocational nurses because one of them was training." When asked, do you have a tracking system to verify which nurse discharged Patient B the PCSOS stated, "No".A review of Patient A's laboratory order included: Name, date of birth, home phone number, address, sex, medical insurance, blood drawn for different tests, the registered nurse name,medical diagnosis, and the doctor's name and his license numbers.The facility policy and procedure titled, "Uses and Disclosures of Protected Health Information", dated April of 2015, indicated: "Employees shall establish the identity of individuals to whom they disclose PHI to limit the possibility of unauthorized disclosures. Prior to disclosing PHI, employees shall ask specific questions (e.g., date of birth, Social Security number, telephone number, or address) that could be answered only by the patient, the patient's representative, or those individuals with legitimate business need and compare the information provided with the information contained in the documentation to be disclosed to the patient. Prior to disclosing PHI, employees shall ensure that all documents /information being disclosed belongs to the requesting patient and does not include any documents/information belonging to another patient. Special attention needs to be given to documents removed directly from printer or fax machines as information about other patients may be mingled together."
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights