Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
HEMET VALLEY MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on May 27, 2015. Also cited in 39 other reports.
Report ID: T41P11, California Department of Public Health
Reported Entity: HEMET VALLEY MEDICAL CENTER
Issue:
Based on interview and record review, the facility failed to prevent the unauthorized disclosure of Patient A's Protected Health Information (PHI), by failing to ensure all documents given to Patient B's caregiver, were meant for Patient B. This failure had the potential for the misuse of Patient A's private/medical information.Findings:During an interview with the Privacy Officer (PO), on May 27, 2015, at 11:15 a.m., the PO stated on May 5, 2015, the facility was informed by Patient B's caregiver that she received Patient A's preliminary radiology report with Patient B's discharge instructions. The PO stated an investigation into the breach revealed Patient A's radiology was stapled to Patient B's discharge instructions and given to Patient B's caregiver, on May 4, 2015. The PO stated Patient B's caregiver discovered Patient A's report after leaving the facility and notified the manager the next day. The PO stated the staff responsible for the breach, should have verified all documents in the packet were meant for Patient B. A copy of the letter sent to Patient A was reviewed. The letter indicated information inadvertently disclosed included: -Patient A's name,-study type, -date of exam,-the patient's date of birth, -the patient's facility identification number, -the patient's location in the facility, -the time the exam was ordered,-time the report was faxed,-Patient A's clinical history and indication for the exam, and-the findings and impression. The facility policy and procedure titled, "Breach of PHI," revised January 2015, indicated "Unlawful or unauthorized access means the inappropriate access, review, or viewing of patient medical information without a direct need..."The policy further indicated "Medical information means any individually identifiable information...Individually Identifiable means that the medical information includes or contains any element of personal identifying information sufficient to allow the identification of the individual, such as patient's name, address, telephone number, social security number..."The facility policy and procedure titled, "Discharge Instructions," revised March 2014, was reviewed. The policy indicated, "Verify that documents provided to patients upon discharge pertain to the correct patient. This includes discharge instructions, prescriptions, or any other patient identifiable materials."
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280