Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
COMMUNITY REGIONAL MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on February 21, 2014. Also cited in 62 other reports.
Report ID: 1K9Z11, California Department of Public Health
Reported Entity: COMMUNITY REGIONAL MEDICAL CENTER
Issue:
Based on staff interview and administrative document review, the hospital failed to keep Protected Health Information (PHI) confidential when:1. Patient 1's medical information was faxed to an unauthorized recipient. (refer to CA00359255)2. Patient 1's home medication was given to another patient on discharge. (refer to CA00379569)These failures resulted in the unauthorized disclosure of Patient 1 and 2's PHI and the potential for abuse of that information.Findings: Refer to CA00359255 1. On 2/21/14 at 11:00 a.m., during an interview the Privacy Officer(PO) stated that a staff member inadvertently faxed Patient's 1 Imaging results to a Home Health Agency. The fax was intended for Patient's 1 physician. Patient 1's PHI breached included name, date of birth, medical record number, medical history, results of the swallow study, and treatment recommendations.The Hospital's Policy and Procedure titled "HIPAA General Rules for the Use and Disclosure of PHI", dated 4/18/12, indicated "III. Policy A. It is the policy of [hospital] to protect the privacy and security of patient information and to comply with applicable laws and regulations."Refer to CA003795692. On 2/21/14 at 9:30 a.m., during an interview, the Privacy Officer (PO) stated Patient 2's home medication was given to another patient during the discharge process. Patient 2's PHI breached included name and name of the medication.The Hospital's Policy and Procedure titled "HIPAA General Rules for the Use and Disclosure of PHI", dated 4/18/12, indicated "III. Policy A. It is the policy of [hospital] to protect the privacy and security of patient information and to comply with applicable laws and regulations."
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights