Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
COMMUNITY REGIONAL MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on January 13, 2014. Also cited in 62 other reports.
Report ID: QV0W11.01, California Department of Public Health
Reported Entity: COMMUNITY REGIONAL MEDICAL CENTER
Issue:
Based on staff interview, clinical record and administrative document review the facility failed to keep Protected Health Information (PHI) confidential when:1) Patient 1's address, medical record number, and account number was sent to the wrong insurance provider . ( CA00357548)2) Patient 2's (PHI) was mistakenly given to Patient 3. Patient 2's (PHI) included his name, date of birth, gender,phone number, medical record number,account number, social security number,and insurance information. (CA00352826)3) Patient 4's utilization review information was mistakenly efaxed to the wrong payor. (CA00360176) These failures placed Patient 1, Patient 2, Patient 3 and Patient 4's PHI at a risk of unauthorized use. Findings: Referred to CA003575481. On 05/31/13 at 9:26 a.m. , Staff 2 was notified by Patient Financial Services that Patient 1's PHI was inappropriately disclosed to the wrong payer. 2. On 05/31/13 at 9:26 a.m., Staff 2 stated that the PHI disclosed included Patient 1's address, medical record number, and account number.3. On 5/31/13 the facilities policy and procedure number 1001, titled Confidentiality/Breach of Information contain the following documentation: "It is CMC (Community Medical Centers) policy to protect the privacy and security of all patient, ... information, and comply with applicable State and Federal laws and regulations. CMC may only use or disclose PHI when the patient has given authorization ..." Referred to CA003528261. On 7/3/13 at 12:00p.m., Staff 2 (Intake Specialist) stated that on 04/23/13, two patients were discharged home from the facility. Patient 2's (PHI) was mistakenly given to Patient 3.2. On 04/24/13 at 1:45p.m., Staff 2 received a phone call from Patient 3's spouse informing Staff 2 of the incident.3. On 04/24/13 the facility policy and procedure number 1001, titled Confidentiality/Breach of Information contain the following documentation: "It is CMC (Community Medical Centers) policy to protect the privacy and security of all patient, ... information, and comply with applicable State and Federal laws and regulations. CMC may only use or disclose PHI when the patient has given authorization ..." Referred to CA003601761. On 7/3/13 at 12:00p.m., Staff 2 (Intake Specialist) stated that on 6/10/13 at 1:13 p.m., Staff 5 mistakenly sent a efax containing utilization review information for Patient 4 to the wrong payor.2. On 06/28/13 at 12:59p.m., Anthem Blue Cross confirmed that the original documentation was destroyed. PHI disclosed included, patient name, date of birth, account number, and clinical assessment information.3. On 06/28/13 the facility policy and procedure number 10001, titled Confidentiality/ Breach of Information contain the following documentation: "It is CMC (Community Medical Centers) policy to protect the privacy and security of all patient, ... information, and comply with applicable State and Federal laws and regulations. CMC may only use or disclose PHI when the patient has given authorization ..."
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights