Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
SOUTH COAST GLOBAL MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on December 13, 2011. Also cited in 43 other reports.
Report ID: 7U9M11, California Department of Public Health
Reported Entity: SOUTH COAST GLOBAL MEDICAL CENTER
Issue:
Based on interview and hospital document review, the hospital failed to prevent the disclosure of four patients' protected health information (PHI) to unauthorized individuals (Patients A, B, D, and I). Findings:1. On 1/28/10, the Department was notified a breach of Patient A's PHI occurred. On 1/28/10, a staff member in the Health Information Service Department attempted to fax Patient A's blood transfusion consent form and medication reconciliation order form internally to the hospital's Emergency Department. However, the fax was unintentionally misdirected to a physician's office. The PHI disclosed included Patient A's name, date of birth and medical record number.2. On 2/1/10, the Department was notified a breach of Patient B's PHI occurred. On 1/29/10, a staff member in the Labor and Delivery Department faxed Patient B's report to a person at a company instead of the intended physician.The PHI disclosed included Patient B's name, age and results of the report.3. Review of hospital documents showed Patient D's PHI was breached on 8/11/11. On 8/11/11, a staff member in the business office was attempting to call the daughter of Patient D to inform of her of the patient's admission to the hospital. The staff member reviewed a medical chart of a person with same last name as Patient D. When the staff member called the person who she thought was Patient D's daughter. The staff member proceeded to inform the person she called of Patient D's hospitalization. The PHI disclosed included Patient D's name along with when and where the hospitalization occurred.4. On 12/14/11, the Department was notified the hospital became aware of a PHI breach on 12/13/11, involving Patient I.On 12/8/11, a coroner visited a medical floor to receive a copy of Patient I's medical record. The coroner called a police officer to review the patient's medical record. The police officer asked a nurse for a copy of Patient I's medical record. The nurse assumed the police officer was part of the investigation team with the coroner and provided a copy of the patient's medical record to the officer upon request. The officer was not a part of the investigation team and was not entitled to Patient I's medical record.The PHI disclosed included all of Patient I's demographic information, social security number and all personal and medical information as the entire medical record was copied and provided to an unauthorized individual.On 11/15/12 at 1400 hours, a conference call with the Director of Compliance confirmed the breaches of PHI occurred as documented.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280