Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
UNIVERSITY OF CALIFORNIA SAN FRANCISCO MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on November 21, 2013. Also cited in 108 other reports.
Report ID: WZ5T11.01, California Department of Public Health
Reported Entity: UCSF MEDICAL CENTER
Issue:
Based on interview and record review, the facility failed to provide confidential treatment of patient records when Practitioner 1 posted a patient's before and after surgical site photo along with health information on Practitioner 1's Facebook page. Findings:In an interview on 11/22/13 at 4:00PM, Quality Assurance Manager (QM) stated that a Practitioner 1(P1) in the dermatology department posted a photo of a patient before and after surgical procedure on his (P1's) Facebook page without obtaining permission from the patient. QM stated the department's physician vice chair (VC) was contacted by a private physician (not affiliated with the hospital's teaching program) who saw the pictures and said he was "concerned about the Facebook account". QM stated during the meeting between VC and P1, P1 acknowledged the posting of pictures on his Facebook page and explained that he wanted to show the benefits of surgery and had verbal consent of the patient to post pictures. QM stated investigation revealed that P1 said he had obtained permission for the posting of the photo but patient interview indicated that no permission had been granted by patient for the photos to be posted online. QM stated the facility's investigation indicated:1) The breach was known by the facility on 11/4/13. 2) Vice chair of department interviewed P1 on 11/5/13. P1 removed photo from his Facebook page after consultation with Vice chair.3) Telephone call to and letter sent to patient on 11/7/13 notifying him of the breach. 4)The Department was notified on 11/8/13 of the medical information breach. Record review indicated a copy of P1's Facebook page which revealed a close up of the right side of patient's face marked to show area of surgical procedure lesion removal before and after procedure.Record review indicated a faxed notice, dated 11/6/13 notifying CDPH of the breach of patient's confidential information and a faxed notice, dated 11/8/13 notifying the patient of the breach of some of his (patient's) health information.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights