Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
UNIVERSITY OF CALIFORNIA SAN FRANCISCO MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on June 5, 2014. Also cited in 108 other reports.
Report ID: 9LXU11, California Department of Public Health
Reported Entity: UCSF MEDICAL CENTER
Issue:
Based on interview and record review, the hospital failed to maintain the confidentiality of protected health information when such information for three patients was delivered (faxed, mailed, or handed) to incorrect recipients. This had the potential for misuse of each patients confidential information.Findings:1. CA00396696 (2014-111)During an interview on 6/6/14 at approximately 2:30 PM, the hospital's Privacy Analyst (PA 1) reported that Patient A was seen in the Liver Transplant Clinic on 4/22/14 and a consultation letter was faxed to the wrong Primary Care Provider (PCP).Record review indicated the mis-faxed report contained Patient A's name, medical record number, date of visit, date of birth, clinical history, surgical history, medications, social history, physical examination, laboratory results, test results, assessment and plan of care.PA 1 stated the hospital was notified of this error on 4/24/14. PA 1 stated the consult letter was sent to the correct PCP and a letter was sent to Patient A informing this patient of the breach of his/her medical information.Record review indicated a faxed report to CDPH dated 4/29/14 notifying CDPH of the breach, and a copy of the letter sent to Patient A dated 4/28/14.2. CA00397342 (2014-116)During an interview on 6/6/14 at approximately 2:30 PM, the hospital's Privacy Analyst (PA 1) reported that Patient B was seen in the Comprehensive Cancer Center on 4/10/14 and a laboratory requisition was mailed to an incorrect recipient. PA 1 stated the hospital was notified of this error on 4/29/14 when this recipient sent the requisition back to the Comprehensive Cancer Center Urologic Surgery Department. Patient B also received a laboratory requisition on 4/10/14 so there was no delay in his/her care. Record review indicated the requisition contained Patient B's name, medical record number, date of visit, date of birth, and the laboratory test requested. Record review indicated a faxed report to CDPH dated 5/5/14 notifying CDPH of the breach, and a copy of the letter sent to Patient B dated 5/2/14.3. CA00396974 (2014-116)During an interview on 6/6/14 at approximately 3:30 PM, the hospital's Privacy Analyst (PA 2) reported that Patient C was seen in the Dermatology Clinic on 2/27/14 and an After Visit Summary was handed to the wrong patient. PA 1 stated the hospital was notified of this error on 4/24/14 when this recipient had his next visit at the Dermatology Clinic.Record review indicated the requisition contained Patient C's name, date of visit, date of birth, Diagnosis, history, medications, follow up instructions, and a chart activation code. Record review indicated a faxed report to CDPH dated 4/30/14 notifying CDPH of the breach, and a copy of the letter sent to Patient C dated 4/29/14.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights