Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
LOMA LINDA UNIVERSITY MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on May 20, 2015. Also cited in 44 other reports.
Report ID: FK7D11, California Department of Public Health
Reported Entity: LOMA LINDA UNIVERSITY MEDICAL CENTER
Issue:
Based on interview, and record review, the facility failed to ensure the confidential treatment of protected health information (PHI) for Patient A, when a Unit Secretary (US) gave Patient A's diagnostic orders to Patient B upon discharge. This failure resulted in a breach of Patient A's PHI.Findings: During a interview on May 29, 2015 at 8:28 AM, with the Compliance Specialist (CS) regarding an entity reported incident of a breach of PHI for Patient A, detected on April 29, 2015. The CS stated, the Unit Secretary (US) gave Patient A's diagnostic orders to Patient B at time of discharge. Patient B contacted and informed the facility that they had received Patient A's diagnostic orders and subsequently destroyed the breached documents. During a interview with the US on June 10, 2015 at 4:10 PM, she stated, once the after visit summary was printed, she stapled it together and handed the after visit summary to Patient B and continued with her work. Twenty minutes later she was looking for diagnostic orders for Patient A, and realized she must have handed Patient B's diagnostic orders to Patient A. When asked why this happened, the US stated, "I didnt mean for it to happen." It was an honest mistake." The US stated, she realized that she picked up Patient A's diagnostic orders with the after visit summary for Patient B and handed it to Patient B. When asked what the facility's process to maintain confidentiality when handing out the after visit summary, the US stated, the doctor prints out the after visit summary, the after visit summary is stapled together. The after visit summary is reviewed and handed out with new orders to the patient. The name on the after visit summary is verified with the correct patient, we verify each document belongs to the correct patient.During a review of the documents that had been disclosed to Patient B, the documentation contained Patient A's name, date of birth, medical record number, phone number, address, diagnosis, insurance provider, physician name and diagnostic orders.A review of the facility's policy and procedure titled, "Protection Of Patient Privacy" dated April, 2015, indicated all (Name of facility) employees, members...shall be responsible for maintaining the confidentiality of patient information.The failure of the US to verify all documents belonged to the intended recipient, Patient B, resulted in the unauthorized release of PAtient A's PHI to Patient B.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights