Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
KAISER FOUNDATION HOSPITAL-MORENO VALLEY
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on June 16, 2014. Also cited in 13 other reports.
Report ID: NUJR11, California Department of Public Health
Reported Entity: KAISER FOUNDATION HOSPITAL-MORENO VALLEY
Issue:
Based on interview and record review, the facility failed to ensure Patient A's protected health information (PHI) remained confidential. This failure led to the unauthorized disclosure of Patient A's PHI to an unauthorized recipient and the potential for misuse of the information. Findings:During an interview with the Director of Accreditation, Regulation and Licensing (DARL), on June 16, 2014, at 1:40 p.m., the DARL stated Patient B's parent notified the facility on May 30, 2014, that she received a CD (Computerized Disc) meant for another patient. The CD was labeled with Patient A's name, medical record number, date of birth and date of service. The DARL stated Health Insurance Portability and Accountability Act (HIPAA) training was mandatory and conducted on a yearly basis. The DARL stated the emphasis of training was "double checking each item given to a patient." A copy of the letter sent to Patient A was reviewed. The letter, dated June 2, 2014, indicated, "A compact disk containing your protected health information was inadvertently provided to a patient's parent. The disk was returned to the facility. The following information was available for viewing: Your name, medical record number, date of birth, type of study, and x-ray images." A review of the facility policy,"Protected Health Information: Process for Distributing Documents," with an effective date of April 2014, indicated its purpose was, "To ensure patient confidentiality and protect the organization by confirming that documents containing Protected Health Information(PHI) are given to the correct member or caregiver." Procedures included highlighting the medical record number, asking the member, parent, or caregiver to state theirname, and reviewing the documents with the member or caregiver.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280