Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
Ukiah Valley Medical Center
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on August 14, 2013. Also cited in 31 other reports.
Report ID: GW6S11, California Department of Public Health
Reported Entity: UKIAH VALLEY MEDICAL CENTER/HOSPITAL D
Issue:
Based on interview and record review, the facility failed to prevent unauthorized access and disclosure of two patients' (Patient 1 and Patient 3) medical information, when a misfiled record for Patient 1 was filed under Patient 2's name, and Patient 3's demographic information was not updated upon registration. These failures allowed the unlawful or unauthorized access to Patient 2's and Patient 3's medical information. Findings:CA00364177 The California Department of Public Health was notified on 8/1/13, that a, "Breach of Protected Health Information (PHI)," occurred on 7/29/13.During an interview on 8/14/13 at 3 p.m., Administrative Staff A stated that she was notified by Unlicensed Staff C, on 7/29/13, that Patient 2's Family had come in to return Patient 1's record, which had been handed to Patient 2's family in error by Unlicensed Staff D earlier that day.Patient 1's PHI included Patient 2's handwritten name superimposed on Patient 1's information, which included her gender, age, medical record number, weight, ethnicity, address, telephone number, Patient 1's family name, physician name, and laboratory results.Administrative Staff A further stated that the original error was caused by Unlicensed Staff B, on 6/13/08, when Patient 2's name was superimposed on Patient 1's information, filed in Patient 2's file, and the second error was caused, on 7/29/13, by Unlicensed Staff D not ensuring the right patient received the correct information by double-checking that the documents matched what was requested.CA00364330The California Department of Public Health was notified on 8/1/13, that a, "Breach of Protected Health Information (PHI)," occurred on 7/23/13.During an interview on 8/14/13 at 4 p.m., Administrative Staff A stated that, on 7/29/13, she was notified by Management Staff E that Patient 3's bill was sent to Patient 3's employer, in error, because when Patient 3 was registered on 6/29/13, his demographics were not updated by Unlicensed Staff F.Administrative Staff A also stated that the breach had been discovered during an audit, on 7/29/13, by Management Staff E and then reported directly to her.Patient 3's PHI included his name, medical record number, department seen in, diagnoses, medication, and amount due.Administrative Staff A further stated that it was an error in not following policy and procedure, when Unlicensed Staff F did not update Patient 3's demographics upon admission and included Patient 3's employer, in error, as his guarantor.The Department verified that Patient 1's Family (CA00364177) was informed of breach, by mail, on 7/29/13, within the required timeframe.The Department verified that Patient 3 (CA00364330) was informed of breach, by mail, on 8/1/13, within the required timeframe.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280