Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
MAMMOTH HOSPITAL
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on September 3, 2013. Also cited in 15 other reports.
Report ID: 276U11.01, California Department of Public Health
Reported Entity: MAMMOTH HOSPITAL
Issue:
Based on interview and record review, the facility failed to ensure the confidential treatment of protected health information (PHI) for Patient A, when a fax intended to be sent to Patient A's insurance company, was inadvertently sent to a private citizen. This breach of Patient A's PHI placed the patient at risk for identity theft. FINDINGS:On August 7, 2013 at 4:07 PM, a phone interview was conducted with the facility privacy officer (FPO) to investigate an entity reported incident.On September 27, 2013, a review was conducted of this file. The Facility investigation was also reviewed which revealed that on April 6, 2010, at 1:39 PM, a private citizen, called the facility to inform them that he had received a one page fax from their facility. The private citizen stated that the document had already been shredded, so it could not be returned to the facility. The investigation indicated Employee 1 had dialed the incorrect prefix of 872 (a private number), instead of dialing the prefix 873, which belonged to the insurance company, where the information was to be sent. Facility staff drove to the location where the fax had been sent to obtain a copy of the fax. But it had already been destroyed. During questioning, the private citizen stated that there had not been a cover sheet used. Patient A's PHI, which was faxed in error to an unauthorized recipient, included the following: a Pre-operative evaluation request for a right total hip arthroplasty (Surgical procedure) which contained Patient A's name, date of birth, phone number, and the physician ' s name.On September 17, 2013 at 12:40 PM, a phone interview was conducted with the FPO, who confirmed the incident. He further stated that Employee 1 had not used a fax coversheet when she faxed the document to an unauthorized recipient.On September 27, 2013, a review was conducted of Employee 1's personnel file. It contained a signed confidentiality agreement, signed November 9, 2009, and HIPPA training on October 1, 2010. After this incident, Employee 1 was re-educated on HIPPA, and Patient Privacy issues. The facility failed to protect patient rights regarding maintaining the privacy and confidentiality of patient (PHI), which resulted in Patient A being placed at risk of identity theft, when a fax containing Patient A's PHI was faxed to a private citizen without authorization.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights