Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VALLEY CHILDREN'S HOSPITAL
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on November 1, 2013. Also cited in 40 other reports.
Report ID: VDI011, California Department of Public Health
Reported Entity: CHILDRENS HOSPITAL CENTRAL CALIFORNIA
Issue:
Based on staff interview, clinical record, and administrative document review, the facility failed to ensure confidential treatment of protected health information (PHI) when:1) On 10/4/13 a utilization clinical review sheet for Patient 1 was faxed to the wrong insurance company. (CA00373510)2) On 10/14/13 an audiology evaluation report for Patient 2 was mailed to Patient 3's address. (CA00374111)3) On 10/17/13 a copayment receipt for Patient 4 was given to Patient 5. (CA00374643)These failures resulted in unauthorized access to Patients 1, 2, and 4's PHI and the potential for abuse of the PHI.Findings:CA003735101) On 11/2/13 at 11:16 a.m., the Accreditation Coordinator (AC) stated Registered Nurse (RN) 1 faxed a utilization clinical review sheet and a utilization review follow up sheet to an incorrect insurance company. The AC stated RN 1 did not follow process of double checking the name of the insurance company that required the documents.The PHI breached included Patient 1's name, address, telephone number, birth date, sex, admit date, account number, medical record number, reason for facility visit, lab results, and insurance company name and policy number.The hospital Policy/Procedure Number PR-1016 dated 08/11 indicated, "it is the policy of [hospital] to respect and protect the privacy rights of patients, their families, employees, and third parties. All information that is deemed confidential by [hospital] and/or by specific legal statutes shall be kept confidential..."CA003741112) On 11/2/13 at 11:23 a.m., AC stated an Ambulatory Service Representative (ASR) mailed an Audiologic Evaluation (tests done to check a person's hearing) report for Patient 2 to Patient 3's address. The AC stated the ASR failed to follow the process of double checking the name of the patient on the forms and the name on the envelope.The PHI breached included Patient 2's name, birth date, sex, medical record number, account number, date of service, and the results of an Audiologic Evaluation.The hospital Policy/Procedure Number PR-1016 dated 08/11 indicated, "it is the policy of [hospital] to respect and protect the privacy rights of patients, their families, employees, and third parties. All information that is deemed confidential by [hospital] and/or by specific legal statutes shall be kept confidential..."CA003746433) On 11/2/13 at 11:31 a.m., the AC stated a copayment receipt for Patient 4 was given to Patient 5's family member. The AC stated the Emergency Department Registrar did not check the name on the receipt against the name Patient 5's family member stated.The PHI breached included Patient 4's name and account number. The hospital Policy/Procedure Number PR-1016 dated 08/11 indicated, "it is the policy of [hospital] to respect and protect the privacy rights of patients, their families, employees, and third parties. All information that is deemed confidential by [hospital] and/or by specific legal statutes shall be kept confidential..."
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights