Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
PLACENTIA LINDA HOSPITAL
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on April 17, 2012. Also cited in 6 other reports.
Report ID: 5XTI11, California Department of Public Health
Reported Entity: PLACENTIA LINDA HOSPITAL
Issue:
Based on hospital document review, the hospital failed to prevent the disclosure of eight patients' (Patients A, B, C, D, E, G, H, and I) protected health information (PHI) to unauthorized individuals. Findings:1. On 4/28/11 at 1500 hours, the hospital's imaging center discovered Patient A's PHI was disclosed to unauthorized individuals. On 4/27/11, a staff member generated a radiology report and a compact disc (CD) of a Magnetic Resonance Imaging (MRI) belonging to Patient A. However, on 4/28/11, the radiology report and Patient A's MRI CD was given to another patient by another staff member. That patient took Patient A's PHI to their doctor's office. The physician discovered the diagnostic results belonged to Patient A. The PHI disclosed included Patient A's name, date of birth, medical record number, date of service, reason for tests, physician name, radiology report and MRI results. 2. On 5/4/11 at 1330 hours, a Case Manager (CM) accidentally faxed the face sheet, History and Physical, medication reconciliation record and lab results belonging to Patient B to a transferring facility, instead of those belonging to the patient transferred. The disclosed PHI belonging to Patient B included name, address, social security number, medical record number, admission date, room number, diagnoses, head to toe physical findings by physician, physician name, medications and laboratory results.3. On 5/9/11, the hospital discovered a CM accidentally faxed Patient C's clinical review summary, progress notes, medical history, treating physician's and laboratory results to unauthorized individuals.The disclosed PHI belonging to Patient C included name, medical record number, physician's notes regarding the patient's medical status, diagnoses, physician's names, and coagulation study and liver enzyme results.4. On 5/26/11, a private citizen called the hospital's information systems department to report the receipt of a two page surgical pathology report on their private fax machine belonging to Patient D.Patient D's PHI included name, date of birth, medical record number, referring physician, surgeon, description and results of the tissue removed during surgery.The hospital's investigation showed an error with the phone system occurred on 5/23/11, when the PHI of Patient D was faxed to the unintended and unauthorized recipient.5. On 7/27/11 at 1300 hours, the hospital discovered a staff member accidentally gave the PHI of Patient E to the significant other of another patient. Both patients' involved had the same first and last name.The Patient E's PHI disclosed was a bilateral carotid artery ultrasound and Doppler study. The PHI included name, date of birth, medical record number, attending physician, cardiologist, and the results of the study.6. On 8/26/11 at 1600 hours, a staff member in the laboratory discovered Staff 4 faxed the Patient G's PHI, in the form of results of a complete blood count with a differential study of the blood, to the wrong physician's office. An investigation showed Staff 4 prepared a cover sheet for other papers to be faxed; however, when faxing Patient G's PHI Staff 4 used an already prepared cover letter with the wrong physician's office fax number on it. The PHI belonging to Patient G included name, date of birth, medical record number, physician, reason for test and results of the blood test.7. On 9/7/11 at 1400 hours, Staff 5 accidentally faxed a surgery pathology report belonging to Patient H to the oncology center at another acute hospital, instead of the surgery pathology report of the intended patient. The PHI belonging to Patient H included name, date of birth, medical record number, physician, date of service, diagnosis and the results of the surgery pathology report of the biopsy.8. On 12/22/11 at 2200 hours, Patient I was admitted to the hospital via the emergency room by Staff 6. At that time, another patient was in the process of discharge. The discharging patient's significant other signed the discharge papers that were on top of Patient I's admission paperwork. Patient I's admission paperwork was accidentally picked up with the discharge paperwork for the other patient. The PHI of Patient I included a face sheet, copy of the driver's license and medical insurance verification. The PHI disclosed the name, address, date of birth, social security number, telephone number, physician, diagnoses, reason for hospitalization, driver's license number and medical insurance verification. On 5/22/12 at 1500 hours, a conference call with the Hospital Compliance Privacy Officer confirmed the breaches of PHI occurred as documented.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280