Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
KERN MEDICAL CENTER
Cited by the California Department of Public Health for violations of California’s Health and Safety Code relating to medical privacy during an inspection that began on July 15, 2014. Also cited in 23 other reports.
Report ID: 36RB11.01, California Department of Public Health
Reported Entity: KERN MEDICAL CENTER
Issue:
Based on interview and record review, the facility failed to report inadvertent disclosure of one patient's (Patient B) medical information no later than five business days of its detection. The date of this incident was on 6/3/14; detected by the pharmacy department on 6/3/14; and was reported to the Department on 7/11/14, resulting in a 22-day delay.
Findings:
During a review of the initial breach report dated 7/11/14, Patient A and Patient B have the same last name. Each had a prescription for the same medication but of different dosages. Patient A received and went home with Patient B's medication. The facility called Patient A and asked her to return the bottle of medication belonging to Patient B. Patient A failed to return the medications even after seven calls from the facility's pharmacy department. Patient B's prescribed bottle of medication which was erroneously given to Patient A had Patient B's name, medication name and the prescriber's name printed on the label.
During an interview with the Quality Department Registered Nurse (RN 1), on 7/15/14, at 12:16 PM, she stated a Pharmacy Technician (Tech 1), handed Patient B's bottle of medication to Patient A on 6/3/14. Patient B came to pick up her prescription and was told her medication was already picked up. The pharmacy department discovered Patient B's bottle of medication was erroneously given to Patient A. RN 1 verified a letter was sent to Patient B on 7/9/14, notifying her of the breach.
During a subsequent interview with RN 1, on 7/16/14 at 9:32 AM, she stated Pharm 1 reported this breach incident via e-mail to RN 1's supervisor (Manager 1) and human resources department. She stated this e-mail was forwarded to her on 7/7/14. RN 1 was informed the facility incurred a 22-day delay in reporting this incident. She stated Pharm 1 is now aware of his reporting obligations.
The facility policy and procedure titled "Privacy Breach Notification Regulations" effective date September 2013, read in part: "...V. PROCEDURE B. 4. Timeline for Reporting b) A breach is treated as discovered [sic] KMC as of the first day on which such breach is known, or by exercising reasonable diligence would have been known, to any person, other than the person committing the breach, who is a workforce member or agent of KMC. VII. EDUCATION: A. KMC staff and Business Associates will be trained of the importance of timely reporting of privacy and security incidents so that KMC may fulfill the breach notification obligations within the required timeframe."
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280