Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
Los Alamitos Medical Center
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on February 3, 2012. Also cited in 5 other reports.
Report ID: CHYY11.01, California Department of Public Health
Reported Entity: LOS ALAMITOS MEDICAL CENTER
Issue:
Based on interview and hospital document review, the hospital failed to prevent the disclosure of the protected health information (PHI) of seven patients to an unauthorized individual (Patients A, B, C, D, E, and F). This resulted in the patient's protected health information being available to persons without the patients' permission.Findings:1. Complaint Number: CA 00277627On 7/26/11, the hospital notified the Department of a breach of PHI for Patient A which occurred on 7/19/11. On 7/19/11, an individual notified the hospital she had received medical information belonging to another individual when she was discharged. Review of the hospital's investigation showed an employee gave Patient A's discharge instructions, work release form and prescription to another patient at the time of discharge. 2. Complaint Number: CA00275479On 7/8/11, the hospital notified the Department a breach Patient B's PHI had occurred on 7/4/11.On 7/4/11, the hospital was notified by an individual that he had received the medical information of another patient. Review of the hospital's investigation showed an employee gave a copy of Patient B's lab results to another patient being discharged on the same day.3. Complaint Number: CA00297597A. On 11/12/11, the hospital notified the Department a breach Patient C's PHI had occurred on 11/11/11.Review of the hospital's investigation showed an employee faxed Patient C's diagnostic test results to private individual instead of the intended physician. The investigation showed the fax number on the request was difficult to read. B. On 12/16/11, the hospital notified the Department of a breach of Patient D's PHI occurred on 12/14/11. Review of the hospital's investigation showed Patient D's PHI was mailed to the wrong insurance company by the hospital's contracted service for billingC. On 12/19/11, the hospital notified the Department a breach of Patient E's PHI had occurred on 12/14/11.On 12/15/11, the Compliance Office was notified by an individual he had received three faxed documents that did not belong to him. Review of the hospital's investigation showed an employee faxed three documents containing Patient E's PHI to a private individual instead of the intended physician.D. On 12/21/11, the hospital notified the Department a breach of Patient F's PHI had occurred on 12/16/11. On 12/16/11, the hospital was notified by another hospital that they had received one document for a patient that did not belong to them. Review of the hospital's investigation showed the PHI of Patient F had been included with the medical record of another patient when transferred on 12/16/11.E. On 1/20/12, the hospital notified the Department a breach of Patient G's PHI had occurred on 1/18/11. On 1/18/12, the hospital was notified by a patient she received four pages of documents which did not belong to her.Review of the hospital's investigation showed PHI belonging to Patient G was issued to another patient with the same last name who had requested copies of her medical record.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280