Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
DOCTORS MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on January 29, 2013. Also cited in 64 other reports.
Report ID: SYXI11, California Department of Public Health
Reported Entity: DOCTORS MEDICAL CENTER
Issue:
Based on staff interview and administrative document review, the hospital failed to keep Protected Health Information (PHI) confidential when:1. Patient 1's PHI was given to an unauthorized individual. (refer to CA00327639)2. Patient 2's PHI was given to an unauthorized individual. (refer to CA00328347)3. Patient 3's PHI was faxed to an unauthorized recipient. (refer to CA00341259)4. Patient 4's PHI was faxed to an unauthorized recipient. (refer to CA00334867)These failures resulted in not protecting the PHI for Patient's 1, 2, 3 and 4 and had the potential for unauthorized use. Findings: Refer to CA003276391. On 9/20/13 at 3:55 p.m., during an interview, the Hospital Compliance Officer (HCO) stated the breach occurred when discharge papers belonging to Patient 1 were given to an unauthorized individual by Registered Nurse 1 (RN1).Review of the medical record indicated the following information was given to the wrong patient on 9/25/12: discharge instructions, medication information and patient education materials based on discharge diagnosis. Patient 1's PHI included name, medical record number, date of birth and date of service. A letter was sent to Patient 1 on 9/28/12 regarding the breach.The (Hospital) Policy and Procedure titled, Record Processing and Information Handling dated 9/16/13, III. Standard: A. Record Processing indicated; "Protected health information (PHI)...whether electronic or paper format, shall be protected from unauthorized disclosure...dissemination...It is expected all Users will maintain the confidentiality of this information."Refer to CA00328347 2. On 9/20/13 at 1:55 p.m., during an interview, the Hospital Compliance Officer (HCO) stated during the discharge process, Registered Nurse 2 (RN 2) gave Patient 2's PHI to an unauthorized recipient. Review of the medical record indicated a patient was discharged from the hospital with the medication reconciliation of Patient 2. The PHI of Patient 2 included: A patient sticker with name, date of birth, date of service and physician. A letter was sent to Patient 2 regarding the breach on 10/5/12. The (Hospital) Policy and Procedure titled, Patient's Personal Property dated 12/22/10, Purpose: "To delineate the procedure to ensure the safety of personal valuables...Procedure I. Personal belongings: A. At the time of admission,...items remaining with the patient are to be documented in detail in the electronic Nursing Admission Assessment...D. When patients are admitted to Critical Care areas: clothing and valuables are to be bagged and sent home with family...if available."Refer to CA003412593. On 10/11/13 at 11:05 a.m., during an interview, the Hospital Compliance Officer (HCO) stated on 1/22/13 the Medical Records Clerk (MRC) dialed the fax number to the Patient 3's physician. When the douments were faxed, the Patient's PHI simultaneously faxed to the private home number of an unauthorized recipient.Review of the medical record indicated the following information was sent to an unauthorized recipient: A discharge summary, history and physical, lab and procedure results. Patient 3's PHI included; name, date of birth, medical record number; account number, physician findings and diagnosis. A letter of notification was sent to Patient 3 dated 1/28/13, notifying him of the breach.The (Hospital) Policy and Procedure titled, Transmission of Medical Records By Facsimile, dated 5/16/12, states, 3. "Sender Procedure: a. When faxing documents...1. Verify by telephone the availability of the authorized receiver before beginning transmission...i. Verify from either the communication/Transmission report or...the fax was sent to the correct phone number."Refer to CA003348674. On 10/14/13 at 10:30 a.m., during an interview, the Hospital Compliance Officer (HCO) stated on 11/28/12 the Case Manager (CM) misdialed a fax number and Patient 4's PHI was faxed to an unauthorized recipient.Review of the medical record indicated the following information was sent to an unauthorized recipient: A Physician's Order Sheet which included Patient 4's; name, date of birth, medical record number; demographic information and diagnosis. A letter dated 11/29/12 was sent to Patient 4 notifying him of the breach. The (Hospital) Policy and Procedure titled, Transmission of Medical Records By Facsimile, dated 5/16/12, states, 3. "Sender Procedure: a. When faxing documents...1. Verify by telephone the availability of the authorized receiver before beginning transmission...i. Verify from either the communication/Transmission report or...the fax was sent to the correct phone number."
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights