Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
SANTA CLARA VALLEY MEDICAL CENTER
Cited by the California Department of Public Health for violations of California’s Health and Safety Code relating to medical privacy during an inspection that began on August 12, 2014. Also cited in 90 other reports.
Report ID: KSC411.01, California Department of Public Health
Reported Entity: SANTA CLARA VALLEY MEDICAL CENTER
Issue:
Based on interview and record review, the hospital failed to prevent the unauthorized disclosure of patient health information (PHI) for one of two sampled patients (1), when Patient 1's PHI was inadvertently faxed to Patient 2's family member (P2FM). The failure resulted in inadvertent disclosure of PHI to an unauthorized individual. Findings:The California Department of Public Health received a faxed report on 6/19/13, which indicated P2FM received a faxed letter from one of the hospital's clinics which contained PHI for Patient 1. An internal investigation determined a physician (MD A) had treated both Patients 1 and 2, and had prepared letters to both patients. MD A had written a note, which was attached to both letters, instructing her medical assistant (MA A) to fax the letters to P2FM. MA A faxed both patients' letters to P2FM.During an interview on 8/12/14 at 10:30 a.m., the ethics and compliance officer (ECO) stated that on 6/10/13, P2FM received a fax from one of the hospital's clinics which included Patient 1's and Patient 2's medical information. ECO stated Patient 1's full name, medical record number, address, laboratory results, and follow-up had been disclosed. P2FM noticed the fax had information for Patient 1, so she emailed MD A, notifying her of the faxing error. During an interview on 8/14/14 at 3:30 p.m., MA A stated she had inadvertently sent a fax to P2FM with a letter intended for Patient 1 attached. MA A stated MD A had placed the letters on her desk with a note attached which indicated to fax to P2FM. MA A stated she faxed the letters without looking at the second page. MA A further stated, P2FM emailed MD A to inform her of the error, and MD A informed MA A's manager. MA A stated she was aware of the error once her manager had brought it to her attention.A review of a copy of a letter dated 6/19/13 from the hospital to Patient 1's guardian indicated P2FM had received a letter, on 6/10/13 with information intended for Patient 1. The letter disclosed Patient 1's full name, medical record number, address, lab result, and care plan.A review of a copy of the letter faxed to P2FM, indicated Patient 1's name, address, medical record number, and sodium level along with plan of care had been disclosed.A review of the hospital's 12/27/13 "Workforce General Obligations Regarding Uses and Disclosures of Protected Health Information" policy indicated all workforce members must take reasonable steps to safeguard PHI from any intentional or unintentional disclosure.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280