Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
Ukiah Valley Medical Center
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on July 21, 2014. Also cited in 31 other reports.
Report ID: O1ZK11, California Department of Public Health
Reported Entity: UKIAH VALLEY MEDICAL CENTER
Issue:
Based on interview and record review, the facility failed to keep personal health information confidential, when a facility staff incorrectly shared Patient 8's personal medical information with a person not involved with this patient and not authorized to have this information. This failure resulted in a breach of confidentiality and possible unauthorized use of the information.Findings:The facility facsimile transmitted to the Department regarding, "Unauthorized Access, Use or Disclosure of Patient Medical Information," dated 6/5/14, revealed that the facility staff shared Patient 8's medical appointment and some confidential patient-specific information with a person not authorized to have this information.During an interview on 7/21/14, at 1:45 p.m., the Privacy Officer stated that on 5/30/14, a facility staff incorrectly shared Patient 8's personal medical information with a person not involved with this patient's care. The Privacy Officer stated that she first became aware of the breach of confidentiality on 6/3/14, and informed the Department on 6/5/14. She stated that the facility staff called Patient 8 to follow-up on an upcoming medical appointment, but had another person, with the same first name, on the phone. She also stated that the staff did not identify the correct person before she proceeded to share Patient 8's upcoming medical appointment. She further stated that the staff should have identified the correct person by verifying the patient's full name and date of birth. The Privacy Officer confirmed that the staff incorrectly shared Patient 8's personal medical information, including Patient 8's name, date of appointment, and appointment information. The facility policy and procedure titled, "Release of Information-Hospital Wide," dated 9/13, indicated, "After production of records for release, patient information must be re-identified and validated as the correct patient, correct birth date, and correct encounter, prior to disclosing to either the patient for their personal use, other third parties, or to a provider for continuity of care."The facility became aware of the incident on 6/3/14, and notified Patient 1, by mail, on 6/5/14.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280