Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
COMMUNITY HOSPITAL OF SAN BERNARDINO
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on April 9, 2014. Also cited in 46 other reports.
Report ID: MEN311.01, California Department of Public Health
Reported Entity: COMMUNITY HOSPITAL OF SAN BERNARDINO
Issue:
Based on observation, interview, and record review, the facility failed to safeguard confidential protected health information (PHI) for 49 patients, when a pastoral care staff member, dropped a list containing patients' PHI. This had the potential to be a breach for 46 patients' PHI.Findings:On April 9, 2014 at 2:10 PM, a visit was made to the facility to investigate an entity reported incident, of possible breach if PHI involving 49 patients.During an interview with the Director of Quality on April 9, 2014 at 2:10 PM, she stated, "On March 5, 2014, one of the chaplains had a copy of the list of patients that he was to visit for pastoral care. The list contained each patient's name, account number, medical record number, diagnosis, religion, spiritual care need, and the name of the pastoral staff assigned to them. There were 49 patients names on the list. Somewhere between the pastoral office and going to the Towers, he had lost the list. He notified the Director of Pastoral services. The two of them interviewed staff, retraced his steps, and even looked in two shredder bins on the 5th floor of the Tower where the patients were located. We notified all the patients about a possible breach. Then at a meeting on April 2, 2014, when the topic was being discussed, the Director of Behavioral Health said that she had found the papers in the hall outside the restroom, and around the corner from the Pastoral Office, and immediately shredded the list."A phone interview was conducted with the Director of Behavioral Health on April 2, 2014 at 2:30 PM. She stated, "There is a long hallway around the corner from the Pastoral Office. I found the list between the restroom and the Volunteer Office. There are no patients or visitors down in that area, only staff and students. I picked it up and put it in the shredder.A tour was taken of the area accompanied by the Director of Quality at 2:50 PM. The Pastoral Office was located off a lobby that could not be entered from the outside, and was used by the Neurological Unit patients, who were observed to be accompanied by a staff member. The area where the list of patients' names was found was in a traffic area accessible to staff only.During a follow-up interview with the Director of Quality at 2:50 PM, she stated, "It was our conclusion that the chaplain stopped to use the restroom on the way to the Towers and the paper dropped. "The patient list which contained 49 patients' names and their PHI had the potential to be view by unauthorized personnel.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights