Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
LOMA LINDA UNIVERSITY MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on May 29, 2015. Also cited in 44 other reports.
Report ID: MEL611.01, California Department of Public Health
Reported Entity: LOMA LINDA UNIVERSITY MEDICAL CENTER
Issue:
Based on interview, and record review, the facility failed to ensure the confidential treatment of protected health information (PHI) for Patient A, when a Coordinator of Observation Admits (COA) faxed Patient A's PHI to (Name of Company). This failure resulted in the unauthorized release of Patient A's PHI.Findings:During an interview on June 1, 2015 at 3:25PM, with the Compliance Specialist regarding an entity reported incident of a breach of a PHI for Patient A detected on April 27, 2015, the CS stated the facility was made aware of the breach when (Name of Company) faxed a cover sheet informing they had received Patient A's PHI. The CS stated the Registration Department intended to fax Patient A's PHI to (Name of Insurance Company) but inadvertently faxed it to (Name of Company).During an interview on July 2, 2015 at 10:00AM, with the COA, she stated on April 27, 2015 (Name of Insurance Company) requested Patient A's information. The COA stated, she faxed a covered sheet with Patient A's facesheet inadvertently to (Name of Company) instead of (Name of Insurance Company). When asked why this happened, the COA stated, "I should have double checked the fax number before faxing Patient A's document, It was a mistake."During a review of the documents faxed to the private company in error, the documentation contained Patient A's name, date of birth, medical record number, address, phone number, marital status, race, chief complaint, emergency number contacts, insurance information and provider information.A review of the facility's policy and procedure titled, "Fax Security," dated June, 2013, inidicated prior to pushing "Send/Start/Go" on fax maxhine, the sender shall confirm that the number dialed is correct.The failure of the COA to ensure the fax number was for the intended recipient before faxing Patient A's PHI, resulted in the unauthorized release of Patient A's PHI to an unintended (Name of Company).
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights