Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
QUEEN OF THE VALLEY MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on October 22, 2012. Also cited in 17 other reports.
Report ID: VRDT11, California Department of Public Health
Reported Entity: QUEEN OF THE VALLEY MEDICAL CENTER
Issue:
Based on interview and record review, the facility failed to prevent unauthorized access and disclosure of eleven patients' health information when the facility sent eleven letters to the eleven patients that included the patient's own health information plus ten other patients' health information. This failure allowed the unlawful or unauthorized access to patient medical information. (Patient 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, and 11) Findings:The California Department of Public Health was notified on 10/19/12 that a, breach of health information, occurred on 10/8/12.During an interview on 10/22/12 at 2:50 p.m., Administrative Staff A stated that he received notification, on 10/16/12 that a breach occurred. Administrative Staff A further stated that each of the eleven patients (Patients 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, and 11) had received their own and ten other patients' health information that included name, address, telephone number, age, sex, date of birth, insurance claim and policy numbers, patient account number, date of service, a description of the service provided.Administrative Staff A also stated that it was the responsibility of Unlicensed Staff B to remove the PHI that did not belong to each of the eleven patients and send them only the information that was relevant to them and that this was not done due to human error.The facility Policy and Procedure for, "CONFIDENTIALITY" (2/3/11 ) reveals the following: 3.0 POLICY The protection of confidential, sensitive, and proprietary information is of critical importance to the facility, its work-force, and its patients. In addition, the safeguarding of patient information from unauthorized, inappropriate, and unlawful use and disclosure is required by law and is consistent with the values of the facility. Employees are required to follow all policies and procedures and the facilities Standards of Conduct regarding use and disclosure of business patient information, and to comply with all safeguards applicable to the employee's work area and the employee's scope of duty in order to ensure that business and patient information is safeguarded at all times...1.1.2 The employee will only use and disclose that patient information that is minimally necessary in order to accomplish the intended purpose of the use or disclosure..1.1.3 The employee will follow all facility policies and procedures and the facility's Standards of Conduct and take all precautions to prevent any intentional or unintentional use or disclosure of any trade secrets or confidential information about the facility, its employees, and its programs.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280