This database was last updated in December 2015 and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.

DOCTORS MEDICAL CENTER

1441 FLORIDA AVENUE, MODESTO, CA 95350

Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on December 18, 2014. Also cited in 64 other reports.


Report ID: WLNK11, California Department of Public Health

Reported Entity: DOCTORS MEDICAL CENTER

Issue:

Based on staff interview, clinical record review, and administrative document review, the hospital failed to ensure confidential treatment of Patients 1, 2, 3, 4, 5, 6, and 8's protected health information (PHI) when:

1. Patient 1's PHI was sent to the wrong recipient. (CA00417752)
2. Patient 2's PHI was discussed with individuals unauthorized to hear it. (CA00418907)
3. Patients 3 and 4's PHI was faxed to a private residence. (CA00421043)
4. Patient 5's PHI was faxed to the wrong provider. (CA00421047)
5. Patient 6's PHI was given to Patient 7. (CA00421053)
6. Patient 8's PHI was given to Patient 9. (CA00421064)

This failure resulted in unauthorized access to Patients 1, 2, 3, 4, 5, 6, and 8's PHI and the potential for abuse of that information.

Findings:

CA00417752

1. On 1/23/15 @ 1:10 p.m., during a telephone interview, the privacy officer (PO) stated on 10/13/14 a hospital employee, (case manager CM) faxed Patient 1's PHI to the wrong recipient. The PO stated the CM should have double checked the documents before sending them, but this was not done.

Patient 1's PHI breached included his diagnosis, vital signs (heart rate, respiratory rate, blood pressure and temperature), medications, and blood test results.

The hospital's policy and procedure titled "Information Privacy and Security Administration Policy" dated 9/16/13, indicated "... [Hospital] Facilities must have appropriate administrative, technical, and physical safeguards to protect the privacy and security of PHI and other confidential information. The safeguards will be designed to reasonably protect PHI and other confidential information from any intentional or unintentional use or disclosure that violates federal and state regulations. [Hospital] will also put in place safeguards to limit incidental uses or disclosures that are made pursuant to permitted or required uses or disclosures."

CA00418907

2. On 1/23/15 at 11 a.m., during a telephone interview, the privacy officer (PO) stated on 10/17/14 a hospital employee (social worker SW), discussed Patient 2's PHI in the presence of two individuals that were not authorized to know it. The PO stated the SW should have made sure that it was okay to talk in front of these individuals or ask them to leave, but this was not done.

Patient 2's PHI breached included her diagnosis and details of her treatment plan.

The hospital's policy and procedure titled "Information Privacy and Security Administration Policy" dated 9/16/13, indicated "... [Hospital] Facilities must have appropriate administrative, technical, and physical safeguards to protect the privacy and security of PHI and other confidential information. The safeguards will be designed to reasonably protect PHI and other confidential information from any intentional or unintentional use or disclosure that violates federal and state regulations. [Hospital] will also put in place safeguards to limit incidental uses or disclosures that are made pursuant to permitted or required uses or disclosures."

CA00421043

3. On 1/23/15 at 10:50 a.m., during a telephone interview, the privacy officer (PO) stated on 11/14/14, an unidentified employee in the surgery department, sent a fax containing Patients 3 and 4's PHI to a private residence. The PO stated the employee should have verified the fax number, but this was not done.

Patients 3 and 4's PHI breached included their diagnoses and their surgical procedures.

The hospital's policy and procedure titled "Information Privacy and Security Administration Policy" dated 9/16/13, indicated "... [Hospital] Facilities must have appropriate administrative, technical, and physical safeguards to protect the privacy and security of PHI and other confidential information. The safeguards will be designed to reasonably protect PHI and other confidential information from any intentional or unintentional use or disclosure that violates federal and state regulations. [Hospital] will also put in place safeguards to limit incidental uses or disclosures that are made pursuant to permitted or required uses or disclosures."

CA00421047

4. On 1/23/15 at 10:40 a.m., during a telephone interview, the privacy officer (PO) stated on 11/14/14 a hospital employee (communications operator, CO) faxed Patient 5's PHI to the wrong provider. The PO stated that the CO should have double checked the fax number before sending the fax, but this was not done.

Patient 5's PHI breached included her diagnosis, medications, x-ray reports, blood test results, and medical history.

The hospital's policy and procedure titled "Information Privacy and Security Administration Policy" dated 9/16/13, indicated "... [Hospital] Facilities must have appropriate administrative, technical, and physical safeguards to protect the privacy and security of PHI and other confidential information. The safeguards will be designed to reasonably protect PHI and other confidential information from any intentional or unintentional use or disclosure that violates federal and state regulations. [Hospital] will also put in place safeguards to limit incidental uses or disclosures that are made pursuant to permitted or required uses or disclosures."

CA00421053

5. On 1/23/15 at 11:15 a.m., during a telephone interview, the privacy officer (PO) stated on 11/17/14 a hospital employee (registered nurse, RN 1) gave Patient 6's PHI to Patient 7. The PO stated RN 1 should have confirmed the patient's identity before releasing the PHI, but this was not done.

Patient 6's PHI breached included his diagnosis, weight, medications and surgical procedure.

The hospital's policy and procedure titled "Information Privacy and Security Administration Policy" dated 9/16/13, indicated "... [Hospital] Facilities must have appropriate administrative, technical, and physical safeguards to protect the privacy and security of PHI and other confidential information. The safeguards will be designed to reasonably protect PHI and other confidential information from any intentional or unintentional use or disclosure that violates federal and state regulations. [Hospital] will also put in place safeguards to limit incidental uses or disclosures that are made pursuant to permitted or required uses or disclosures."

CA00421064

6. On 1/23/15 at 10:30 a.m., during a telephone interview, the privacy officer (PO) stated on 11/14/14 a hospital employee (registered nurse, RN 2), gave Patient 8's PHI to Patient 9. The PO stated RN 2 should have double checked the discharge documents before giving them to Patient 9, but this was not done.

Patient 8's PHI breached included her diagnosis, medical history, and surgical report.

The hospital's policy and procedure titled "Information Privacy and Security Administration Policy" dated 9/16/13, indicated "... [Hospital] Facilities must have appropriate administrative, technical, and physical safeguards to protect the privacy and security of PHI and other confidential information. The safeguards will be designed to reasonably protect PHI and other confidential information from any intentional or unintentional use or disclosure that violates federal and state regulations. [Hospital] will also put in place safeguards to limit incidental uses or disclosures that are made pursuant to permitted or required uses or disclosures."

Outcome:

Deficiency cited by the California Department of Public Health: Patients' Rights
