Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
DOCTORS MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on May 18, 2012. Also cited in 64 other reports.
Report ID: E3TV11, California Department of Public Health
Reported Entity: DOCTORS MEDICAL CENTER
Issue:
Based on staff interview, facility and administrative document review the facility failed to keep Protected Health Information (PHI) confidential when:1. Patient 1's discharge instructions were mistakenly given to Patient 2.2. Patient 3's PHI was mistakenly faxed to a private business.3. Patient 4's laboratory report was mistakenly faxed to a private business.These failures placed the PHI for Patients 1, 3 and 4 at a potential risk for unauthorized use.Refer to CA003071081. 5/18/12 at 3:10 p.m. Staff 1 (Privacy Officer) stated on 4/12/12 the facility became aware of a possible privacy breach. The facility's internal investigation revealed on approximately 4/11/12 Staff 2 (Registered Nurse) mistakenly gave Patient 1's discharge instructions to Patient 2. Staff 1 stated it was Staff 2's responsibility to check the patients' identification band to ensure the right patient received the right documents.On 5/18/12 at 3:22 p.m., Staff 1 stated the discharge instructions contained Patient 1's name, date of birth, date of service, medical record number, account number and general care instructions.On 5/18/12 the facility policy and procedure number 1.0.0, titled "Privacy Policy Overview" contained the following documentation: " Privacy Policies and Procedures have been established to outline directives relating to the Protected Health Information ("PHI") of Patients. These directives include: Protecting the privacy of the PHI of Patients in accordance with California and federal requirements. ...Affording Patients their rights with respect to their PHI in accordance with California and federal requirements."Refer to CA003071132. 5/18/12 at 3:10 p.m. Staff 1 stated on 4/12/12 the facility became aware of a possible privacy breach. The facility's internal investigation revealed on 4/11/12 Staff 3 (Social Worker) mistakenly faxed a suspected elder abuse form, contained Patient 3's PHI, to a private business. Staff 1 stated it was Staff 3's responsibility to ensure all faxed transmissions were sent to the correct destination. On 5/18/12 at 3:22 p.m., Staff 1 stated the suspected elder abuse form contained Patient 3's name, date of birth, date of service and a general description of suspected elder abuse.On 5/18/12 the facility policy and procedure number 1.0.0, titled "Privacy Policy Overview" contained the following documentation: " Privacy Policies and Procedures have been established to outline directives relating to the Protected Health Information ("PHI") of Patients. These directives include: Protecting the privacy of the PHI of Patients in accordance with California and federal requirements. ...Affording Patients their rights with respect to their PHI in accordance with California and federal requirements."The facility policy and procedure number VI-32 titled "Transmission of Medical Records by Facsimile" contained the following documentation: "The sender must verify the telephone the availability of the authorized receiver before beginning transmission."Refer to CA003071223. 5/18/12 at 3:10 p.m. Staff 1 stated on 4/17/12 the facility became aware of a possible privacy breach. The facility's internal investigation revealed on 4/11/12 Patient 4's laboratory report was mistakenly faxed to a private business. Staff 1 stated it was staffs responsibility to ensure all faxed transmissions were sent to the correct destination. On 5/18/12 at 3:22 p.m., Staff 1 stated the laboratory report contained Patient 4's name, date of birth, date of service, medical record number, account number and laboratory results.On 5/18/12 the facility policy and procedure number 1.0.0, titled "Privacy Policy Overview" contained the following documentation: " Privacy Policies and Procedures have been established to outline directives relating to the Protected Health Information ("PHI") of Patients. These directives include: Protecting the privacy of the PHI of Patients in accordance with California and federal requirements. ...Affording Patients their rights with respect to their PHI in accordance with California and federal requirements."The facility policy and procedure number VI-32 titled "Transmission of Medical Records by Facsimile" contained the following documentation: "The sender must verify the telephone the availability of the authorized receiver before beginning transmission."
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights