Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
EL CENTRO REGIONAL MEDICAL CENTER
Cited by the California Department of Public Health for violations of California’s Health and Safety Code relating to medical privacy during an inspection that began on March 13, 2012. Also cited in 38 other reports.
Report ID: 42FQ11.02, California Department of Public Health
Reported Entity: EL CENTRO REGIONAL MEDICAL CENTER
Issue:
Based on interview and record review, the hospital failed to safeguard protected health information (PHI- is any information about health status, provision of health care, or payment for health care that can be linked to a specific individual) from unauthorized person(s) in accordance with their policies and procedures, for 1 of 1 sampled patients (Patient 1). Patient 1's Visit Summary Sheet which contained confidential patient information was inadvertently attached to another patient's appointment card. Findings: On 3/9/12 at 4:14 P.M., the hospital reported to the Department that Patient 1's Visit Summary Sheet containing personal health information such as name, date of birth, date of service, provider information, health diagnosis, treatment and diagnosis was attached to another patient's appointment card. A review of Patient 1's medical record was conducted on 3/13/12, at 10:40 A.M. Patient 1 was admitted to the hospital's outpatient clinic on 3/7/12, and discharged on 3/7/12, per the face sheet. Patient 1's Visit Summary Sheet, dated 3/7/12, contained the following confidential patient information: name, physician's name, diagnoses, treatments and medications.A telephone interview with the outpatient clinic manager (OCM) was conducted on 3/13/12 at 11:18 A.M. The OCM stated that the medical assistant did not recall attaching Patient 1's Visit Summary Sheet to another patient's appointment card. She stated that the expectation of staff at the clinic was to follow the hospital's policy by checking all documents to ensure that the documents belonged to the correct patient before being released. A review of the hospital's policy entitled, "Access to and Maintenance of the Health Record," last review date of 7/21/11, was conducted on 3/13/12. The policy stipulated that, "All individuals engaged in the collection, handling or dissemination of patient health information should protect the confidentiality of patient data." Per the same policy, it indicated that "The collection of any data relative to a patient whether by interview, observation or review of documents shall be conducted in a setting, which provides maximum privacy and protects the information from being accessed by an unauthorized individual."An interview with the privacy officer was conducted on 3/13/12, at 11:30 A.M. The privacy officer acknowledged that an unauthorized disclosure of confidential patient information occurred when Patient 1's Visit Summary Sheet was attached to another patient's appointment card. She acknowledged that the hospital's policy entitled, "Access to and Maintenance of the Health Record," was not followed.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights