Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
MAMMOTH HOSPITAL
Cited by the California Department of Public Health for violations of California’s Health and Safety Code relating to medical privacy during an inspection that began on July 6, 2014. Also cited in 15 other reports.
Report ID: TY7Y11.02, California Department of Public Health
Reported Entity: MAMMOTH HOSPITAL
Issue:
Based on interview, and record review, the facility failed to ensure a patient access representative, orthopedics, followed facility policies and procedures to protect patient confidential protected health information (PHI), when the emergency contact and guarantor information entered for Patient A during the registration process at the facility was for Patient B. This failure resulted in Patient B receiving Patient A's medical bill. Patient A and Patient B had the same first and last names.Findings;A review of the face sheet indicated that Patient A was admitted to the facility on December 10, 2012 for follow up exam and radiological studies (x-rays). Patient A was discharged on the same date.On July 21, 2014 a review of the facility's "Incident Report" indicated that a patient accounting representative, orthopedics, contacted the facilities privacy officer (FPO) on March 5, 2013 regarding a letter from Patient B with a bill received in error on another patient (Patient A). A summary of the facility's investigation into the breach, indicated the error of the bill going to the Patient B instead of Patient A's guarantor. On July 21, 2014 at 11:00 AM, a phone interview was conducted with the facility privacy officer (FPO) regarding a self-report of a possible breach of protected health information (PHI) for Patient A. The FPO stated, " The patient access representative, orthopedics who registered Patient A at the facility on December, 2012, had entered Patient B's information (name, address and phone number) as the guarantor. The bill was then sent to Patient B".A review of the bill that was provided to Patient A by the facility, with a statement date of January 15, 2013, listed Patient A's name, date of service, account number, visit description and the balance owed. A review of facility document titled "Patient Registration Procedure", undated, indicated:"Definitions""Registration Form-For a new patient, the patient will fill out the registration form in its entirety. For returning patient, patient will initial form that all the information is correct. This form is to be done yearly and also be confirmed verbally at the appointment making time and at check in." \"Registration""For existing patients demographic and insurance information can be used from a previous encounter from the same month, but will be verified at each visit."The facility failed to protect Patient A's right to privacy resulting in the unauthorized disclosure of Patient A's PHI to Patient B.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights