Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
KAISER FOUNDATION HOSPITAL-MORENO VALLEY
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on May 22, 2014. Also cited in 13 other reports.
Report ID: OM0G11, California Department of Public Health
Reported Entity: KAISER FOUNDATION HOSPITAL-MORENO VALLEY
Issue:
Based on interview and record review, the facility failed to prevent the unauthorized disclosure of 29 patients' medical information (Patients 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, and 29). This had the potential to result in misuse of the patients' private information.Findings:On May 22, 2014, at 11:40 a.m., an investigation was conducted for an entity reported incident. On May 22, 2014, at 1:35 p.m., the Chief Operating Officer (COO) was interviewed. The COO stated one of the facility's Financial Counselors (FC 1) sent Treatment Authorization Request (TAR) packets to the State's Medi-Cal Office. When the TAR packets were sent, FC 1 inadvertently included 29 patients' facesheets with the TAR packets, which were not part of the packets. The facility was notified by the State's Medi-Cal Office on October 31, 2013 of the inadvertent disclosure of Protected Health Information (PHI) to their office. The facesheets of the 29 patients included the patients' name, date of birth, address, phone number, medical record number, and in some cases, copies of the Driver License.The facility policy titled, "Mitigation of Impermissible Uses and Disclosure of Protected Health Information" revised on September 2013, was reviewed. The policy indicated, "Kaiser Permanente (KP) must take action to reduce or eliminate, to the extent feasible, any known harm caused by an impermissible use or disclosure of Protected Health Information (PHI) by KP or its business associates."The policy further indicated, "Protected Health Information (PHI) - Individually identifiable health information that is transmitted by or maintained in electronic media, or is transmitted or maintained in any other form or medium..." The policy further indicated, "...Individually Identifiable HeakHealth Information - Information that is a subset of health information, including demographic information collected from an individual, and: (i) Is created or received by a health care provider, health plan, employer, or healthcare clearinghouse..."
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280