Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
CLOVIS COMMUNITY MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on April 6, 2012. Also cited in 27 other reports.
Report ID: 2JF511, California Department of Public Health
Reported Entity: CLOVIS COMMUNITY MEDICAL CENTER
Issue:
Based on staff interview, facility and administrative document review the facility failed to keep Protected Health Information (PHI) confidential when:1. Patient 1's identification band was mistakenly given to Patient 2.2. Patient 3's PHI was disclosed to a private citizen.These failure placed Patient 1 and Patient 3's PHI at a potential risk for unauthorized use.Findings:Refer to CA003015421. On 5/15/12 at 8:50 a.m., Staff 1 (Privacy Officer) stated on 2/24/12 the facility became aware of a possible privacy breach. The facility's internal investigation revealed Staff 2 (Patient Representative) mistakenly put Patient 1's identification band on Patient 2. Staff 1 stated it was Staff 2's responsibility to ensure each patient received the correct identification band.On 5/15/12 at 8:57 a.m., Staff 1 stated the identification band contained Patient 1's name, date of birth, medical record number and account number.On 5/16/12 at 9:25 a.m., the facility policy and procedure number 12136, titled "HIPPA General Rules for the Use and Disclosure of PHI," dated 11/16/09, contained the following documentation: "It is the policy of Community Medical Centers to protect the privacy and security of patient information and to comply with applicable laws and regulations. ...PHI includes any information received, created, or maintained by the facility in which the patient is or may reasonable be identified, regardless of whether the information is in oral, paper, or electronic form.The facility policy and procedure number 12023 titled " Patient Identification, " dated 3/15/12, contained the following documentation: " The foundation of providing quality patient care is based on accurate patient identification. Employee interacting with patients is accountable for ensuring proper patient identification. " Refer to CA003019872. On 5/15/12 at 8:50 a.m., Staff 1 stated on 2/28/12 the facility became aware of a possible privacy breach. The facility's internal investigation revealed Staff 3 (Registered Nurse) mistakenly dialed the wrong number and left a voice message, regarding Patient 3's PHI, on a private citizens phone. Staff 1 stated it was Staff 3's responsibility to verify the correct phone numbers prior to leaving a confidential voice message.On 5/15/12 at 9:05 a.m., Staff 1 stated Staff 3's voice message contained Patient 3's name and clinical information. On 5/16/12 at 9:25 a.m., the facility policy and procedure number 12136, titled "HIPPA General Rules for the Use and Disclosure of PHI," dated 11/16/09, contained the following documentation: "It is the policy of Community Medical Centers to protect the privacy and security of patient information and to comply with applicable laws and regulations. ...PHI includes any information received, created, or maintained by the facility in which the patient is or may reasonable be identified, regardless of whether the information is in oral, paper, or electronic form. ...Patients have the right to request the facility to communicate with them about their health information in a confidential fashion, including specifying what address or phone number to use for this purpose. Facility staff who communicate with patients, mail information, or leave messages, should verify whether the patient has provided confidential communications information prior to making the communication."
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights