Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
SUTTER COAST HOSPITAL
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on January 18, 2013. Also cited in 58 other reports.
Report ID: 8D5Z11, California Department of Public Health
Reported Entity: SUTTER COAST HOSPITAL
Issue:
Based on interview and record review, the facility failed to prevent unauthorized access and disclosure of a patient's (Patient 1) protected health information, when some of Patient 1's medical information was handed to Patient 2. This failure allowed the unlawful or unauthorized access of protected health information.Findings:The California Department of Public Health was notified on 1/18/13 that a, "Breach of Protected Health Information (PHI)", occurred on 1/10/13.During an interview on 1/22/13 at 11:30 a.m., Administrative Staff A stated that the rural health clinic received a phone call, on 1/11/13, from Patient 2 that he had been handed a copy of Patient 1's After Visit Summary (AVS), on 1/10/13, attached to Patient 2's AVS, which included Patient 1's name, medical record number, date of birth, condition, and medications.Administrative Staff A further stated that it was human error, on the part of Staff B, that occurred when discharging Patient 2.A review of the facility Policy and Procedure for, "OVERVIEW PRIVACY POLICIES UNDER HIPAA", (12/29/12), reveals the following: "I. POLICY: It is the policy of the facility to protect the privacy and security of patient information and to comply with applicable laws and regulations...III. GUIDELINES: ...B. Protected Health Information and Records: Protected Health Information (PHI) includes any information received, created or maintained by the facility in which the patient is or may reasonably be identified, regardless of whether the information is in oral, paper, or electronic form...C. Facility Privacy Policies and Procedures: The facility and its workforce members must comply with a number of state and federal laws and regulations. It is the responsibility of facility management to develop and distribute necessary privacy and security policies and procedures to guide the actions of its workforce...It is the responsibility of all facility workforce members to comply with the policies and procedures and to cooperate with facility management to identify and correct problems that may cause privacy or security breaches...G...7. Data Security Patients the right to expect that their information is collected, stored, and maintained in a reliable manner and that sufficient precautions are taken by the facility to prevent its misuse. It is the responsibility all facility workforce members to read the applicable security policies and comply with their provisions."
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280