Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
COMMUNITY REGIONAL MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on February 8, 2013. Also cited in 62 other reports.
Report ID: RTBH11.01, California Department of Public Health
Reported Entity: COMMUNITY REGIONAL MEDICAL CENTER
Issue:
Based on staff interview, clinical record and administrative document review, the facility failed to protect confidential patient information for Patient 1 when health information was mailed out to a residential home instead of the insurance provider. This failure resulted in unauthorized access of confidential patient information of Patient 1.Findings:On 2/26/13 at 9:10 a.m., during an interview, the Privacy Officer (PO) stated that on 7/27/12 at 9:23 a.m. she was notified by a patient's mother that medical information pertaining to Patient 2 was sent in the mail. The patient's mother stated she received in the mail along with Patient 2's information a CMS 1500 claim form. The PO stated that both claim forms should have gone to Tricare not the home address. The PO stated that on 7/27/12 at 1 p.m., a courier retrieved and returned the documents to the privacy office.On 2/26/13 at 9:20 a.m., the PO stated Patient 1 had been notified of the Protected health information (PHI) was inappropriately disclosed.The PHI disclosed included, patient name, address, date of birth, gender. account number, insurance information and guarantor related to the patients hospital visit.On 2/26/13 at 4:40 p.m. the facility policy and procedure number 12136, titled "HIPPA General Rules for the Use and Disclosure of PHI," dated 11/16/09, contained the following documentation: "It is the policy of Community Medical Centers to protect the privacy and security of patient information and to comply with applicable laws and regulations. ...PHI includes any information received, created, or maintained by the facility in which the patient is or may reasonable be identified, regardless of whether the information is in oral, paper, or electronic form."
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights