Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
COMMUNITY REGIONAL MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on September 19, 2014. Also cited in 62 other reports.
Report ID: 257B11.01, California Department of Public Health
Reported Entity: COMMUNITY REGIONAL MEDICAL CENTER
Issue:
Based on staff interview, facility and administrative document review the facility failed to keep Protected Health Information (PHI) confidential when: 1. Results of a medical procedure for Patient 1 were given to his girlfriend without authorization. (CA00413138)2. Patient 2 found paperwork belonging to Patient 3 in her discharge packet. (CA00412835)These failures resulted in the breach of Patient 1 and Patient 3's PHI and possible unauthorized use.Findings:CA 004131381. On 9/19/14 at 9:41 a.m., during an interview, the Privacy Officer (PO) stated Patient 1 was brought into the hospital by his girlfriend for a medical procedure When Patient 1's procedure was over, Registered Nurse (RN) 1 explained the results to Patient 1's girlfriend. The PO stated sometime during the course of Patient 1's recovery, he began to argue with his girlfriend, and it was at this time he stated that he did not want any information disclosed to her. The PO stated Patient 1 became angry with RN 1 for disclosing information, after he had an argument with his girlfriend . The PO stated prior to the argument, Patient 1 was agreeable to his girlfriend knowing his PHI. The PO stated consent to disclose PHI was obtained from Patient 1 after the medical procedure. The PO stated Patient 1 had been sedated during the procedure, therefore the consent was invalid.Patient 1's PHI which was breached were the results of his medical procedure.The (Hospital) Policy and Procedure titled, HIPAA General Rules for the Use and Disclosure of PHI dated 4/18/12, indicated, "D. Using and disclosing PHI 1. CMC (Community Medical Centers) may only use or disclose PHI if: a. the patient has given a valid authorization;"CA004128352. On 9/19/14 at 9:46 a.m., during an interview, the PO stated Patient 2 informed the hospital that she found discharge paperwork in her discharge packet, that belonged to Patient 3. Patient 2 returned Patient 3's paperwork to the hospital. The PO stated Registered Nurse 1 was busy trying to help her coworkers on the day this error occurred, and did not take the time to check the paperwork before giving it to Patient 2.Patient 3's PHI breached included : name, gender, date of birth, address, phone number, medical record number, and clinical information.The (Hospital) Policy and Procedure titled, HIPAA General Rules for the Use and Disclosure of PHI dated 4/18/12, indicated "III. Guidelines: A. Protected Health Information and Records: 1. Protected health information includes any information received, created or maintained by... in which the patient is... identified, regardless of whether the information is in oral, paper or electronic form. I. Accurate Information: 1. It is the responsibility of all individuals who collect information from patients... medical record... to be as accurate and complete as possible."
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights