Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VALLEY CHILDREN'S HOSPITAL
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on June 13, 2014. Also cited in 40 other reports.
Report ID: 1FL611, California Department of Public Health
Reported Entity: CHILDRENS HOSPITAL CENTRAL CALIFORNIA
Issue:
Based on staff interview, facility and administrative document review, the facility failed to keep Protected Health Information (PHI) confidential when:1. A facility letter for the family of Patient 1 was sent to an incorrect address. (CA00399612)2. A facility form for physical referral for Patient 2 was sent to a private fax machine. (CA00399553)3. A facility physical therapy evaluation report for Patient 3 was mailed to the family of Patient 4. (CA00400190)Findings:CA003996121. On 6/13/14 at 8:45 a.m., during an interview, the Accreditation Coordinator (AC) stated the Ambulatory Services Representative (ASR) 1 sent a letter for the family of Patient 1 to an incorrect address. The AC stated the address for Patient 1 was not input correctly into the facility computer system. The AC stated the ASR 1 did not verify Patient 1's address after inputting it. She stated the ASR 1 should have verified the address was correct after typing it into the computer system.The PHI breached included Patient 1's name and date of service.The facility policy and procedure titled, "Confidentiality" dated 8/11, indicated, "... All information that is deemed confidential by [the facility]and/or by specific legal statutes shall be kept confidential ..."CA003995532. On 6/13/14 at 8:50 a.m., during an interview, the Accreditation Coordinator (AC) stated the Ambulatory Services Representative (ASR) 2 sent Patient 2's physical therapy referral to a private individual's fax machine. The AC stated the ASR 2 did not verify the number she entered on the fax machine was correct. The AC stated the ASR 2 should have verified the number prior to sending the fax.The PHI breached included Patient 2's name, birth date, address, and diagnosis.The facility policy and procedure titled, "Confidentiality" dated 8/11, indicated, "... All information that is deemed confidential by [the facility]and/or by specific legal statutes shall be kept confidential ..."The facility policy and procedure titled, "Facsimile Machines" dated 8/11, indicated, "Policy ... All individuals using a facsimile machine to transmit either patient or organizational information will be accountable for ensuring that the information is transmitted to the appropriate destination..."CA004001903. On 6/13/14 at 8:56 a.m., during an interview, the Accreditation Coordinator (AC) stated Patient 3's physical therapy evaluation was mailed to the family of Patient 4 by the Ambulatory Services Representative (ASR) 3. The AC stated the ASR 3 did not verify each document she mailed to Patient 4's family. The AC stated the ASR 3 should have verified each document prior to mailing.The PHI disclosed included Patient 3's name, date of birth, medical record number, account number, diagnosis, and medical history.The facility policy and procedure titled, "Confidentiality" dated 8/11, indicated, "... All information that is deemed confidential by [the facility]and/or by specific legal statutes shall be kept confidential ..."
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights