Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
HEMET VALLEY MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on June 2, 2015. Also cited in 39 other reports.
Report ID: BOLX11, California Department of Public Health
Reported Entity: HEMET VALLEY MEDICAL CENTER
Issue:
Based on staff interview and record review, the facility failed to prevent the unauthorized access and/or disclosure of Patient 2's Private Health Information (PHI), when a documents containing Patient 2's PHI was sent by fax to another hospital without Patient 2's authorization. This had the potential to result in the misuse of Patient 2's private health information.Findings:On June 2, 2015, an investigation was conducted on this entity reported incident. The facility Health Information Manager (HIM) was interviewed on June 2, 2015, at 1:25 p.m. The HIM stated on February 17, 2014, an unauthorized disclosure of Patient 2's PHI was faxed to another hospital. The hospital (receiver) had requested information on Patient 1 to be faxed and instead Patient 2's information was sent. Patient 2's faxed information included two emergency department reports, one computerized axial tomography scan (CAT Scan-type of detailed x-ray) of the abdomen and one electrocardiogram result (EKG-test results of heart function). The intended facility (receiver) had called the facility and informed them of the incorrect information received on February 18, 2014. The facility staff who sent the wrong patient information to the receiving facility worked in the Department (HIM). The worker should have checked the information prior to sending.On June 4, 2015, a record review was conducted of the facility letter sent to Patient 2 dated February 21, 2014. The letter indicated, "I (HIM) am writing to inform you of an unauthorized disclosure of patient information regarding yourself (Patient 2). On February 18, 2014, I (HIM) was notified that medical record documentation pertaining to you was ...disclosed pursuant to a request for medical records on February 17, 2014.Our Health Information Management Department received a request from (another facility) for medical records for an individual with a similar first name and same last name as yours. The patient's records ....requested had a birth date similar to your date of birth. Documents from your medical record were... faxed to (another facility)...Information ...disclosed to the (receiving facility) included the following documents: emergency room report and emergency room continuation of care report, radiology report , and one EKG tracing (electrocardiogram-heart function test) from October 18, 2013, emergency department visit...."A review was conducted of the facility policy titled "Breach Notification Policy," revised, September 2013, the policy indicated, "The hospital will implement, identify, and respond to suspected breaches..."The facility failed to maintain Patient 2's PHI by faxing health information to a facility not authorized by Patient 2 or the Patient 2's representative.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280