Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
LOMA LINDA UNIVERSITY MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on May 19, 2015. Also cited in 44 other reports.
Report ID: E7YF11.01, California Department of Public Health
Reported Entity: LOMA LINDA UNIVERSITY MEDICAL CENTER
Issue:
Based on interview and record review, the facility failed to ensure the confidential treatment of Patient A's protected health information (PHI) when a Licensed Vocational Nurse (LVN 1) faxed Patient A's referral for services document to an unintended recipient. This resulted in an unauthorized disclosure of Patient A's PHI.Findings:On May 19, 2015 at 1:30 PM, a phone interview was conducted with the Compliance Specialist regarding an entity reported incident of a breach of Patient A's PHI. The Compliance Specialist stated, LVN 1 typed in the wrong fax number causing the referral for services document, which contained Patient A's name, date of birth, address, case number, and diagnoses to be faxed to an unintended recipient.The Compliance Specialist stated the facility detected the breach on April 16, 2015, when the unintended recipient of the faxed document (private residence) called the intended recipient, who in turn notified the facility. A formal letter of notification was sent to the parent of Patient A (a minor) of the breached PHI, and provided a copy of the letter for review.On June 9, 2015 at 10:00 AM, a phone interview was conducted with LVN 1 regarding this entity reported incident. LVN 1 stated, she entered the fax number incorrectly. LVN 1 stated, "I misdialed the fax number. It was a busy day."A copy of the letter sent to the parent of Patient A (a minor) dated May 6, 2015, informing the parent about the breach of the child's PHI was reviewed.A review of the fax transmission verification report and cover sheet dated April 16, 2015, indicated the intended recipient's fax number and the unintended recipient's fax number where the breached document was faxed to.A review of the referral for services document titled, "In-Home Supportive Services (IHSS) Program Health Care Certification Form," indicated Patient A's name, date of birth, address, case number, and diagnoses.A review of the facility's policy and procedure titled, "Fax Security," dated June 2013, indicated "Prior to pushing 'Send / Start / Go' on fax machine, the sender shall confirm that the number dialed is correct."A review of the facility's policy and procedure titled, "Protection of Patient Privacy," dated April 2015, indicated "All (name of facility) employees ... shall be responsible for maintaining the confidentiality of patient information."The facility failed to ensure Patient A's referral for services document was faxed to the intended recipient resulting in an unauthorized release of Patient A's PHI.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights