Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
MAMMOTH HOSPITAL
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on September 23, 2014. Also cited in 15 other reports.
Report ID: UT2611, California Department of Public Health
Reported Entity: MAMMOTH HOSPITAL
Issue:
Based on interview, and record review, the facility failed to ensure that the correct patient billing information for medical services rendered was sent to the appropriate payer. This failure resulted in a breach of Patient A's confidential information being sent to his prior employer. Findings;On October 6, 2014 at 10:00 AM, a phone interview was conducted with the facility privacy officer (FPO) regarding a self -report of a possible breach of protected health information (PHI) for Patient A. The FPO stated "that the owner of a business came into the hospital with a bill for services for a former employee. The owner claimed that Patient A was no longer employed by his company and he was not responsible for the bill." The billing statement for Patient A was a "Detail of Services Included In Your Consolidated Statement" which included Patient A's name, date of service and description of service.The FPO stated "that Patient A had two separate encounters at the hospital on the same day which required registration. During both encounters Employees A and B failed to change the guarantor information"During a review of the hospitals "Incident Report" the first encounter Patient A had was with Employee A who failed to change the guarantor information in the computer from a previous encounter. During the second encounter Employee B, also failed to change the guarantor information. Patient A had completed a registration form which included the correct billing information. Each of these employees departments use seperate billing programs and only one of the two encounters generated a bill that was sent out in error which containted Patient's A protected health information.During a review of the facility policy and procedure, titled, "Release of Protected Health Information," dated March 29, 2013, it defines Protected Health Information as, "Individually identifiable health information that is transmitted , or maintained in any medium, including oral statements."A review of facility policy and procedure titled "Release of Protected Health Information", effective date March 29, 2013 indicated:"No person without a legitimate "need to know" reason directly related to patient care or to the bona fide interest of (facility name) will be granted access to patient information in any form or at any time. Persons who attempt to access patient information without authorization will be subject to immediate disciplinary action and possible immediate dismissal."
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights