Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
DOCTORS MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on January 19, 2013. Also cited in 64 other reports.
Report ID: PJYZ11, California Department of Public Health
Reported Entity: DOCTORS MEDICAL CENTER
Issue:
Based on staff interview and administrative document review, the hospital failed to keep Protected Health Information (PHI) confidential when:1. Patient 1's PHI was given to an unauthorized recipient. (Refers to CA00335278) 2. Patient 2's PHI was given to an unauthorized recipient. (Refers to CA00331186)3. Patient 3's home medication was given to an unauthorized recipient.(Refers to CA00334347)4. Patient 5's PHI was given to an unauthorized individual. (Refers to CA00326109)This failure resulted in not protecting the PHI for Patients 1, 2, 3 and 5 and possible unauthorized use. Findings: Refer to CA003352781. On 10/14/13 at 11:00 a.m., during an interview, the Hospital Compliance Officer (HCO) stated, on 11/28/12 during the discharge process, Patient 1's PHI was given to an unauthorized recipient.Review of the medical record indicated the following information was given to an unauthorized recipient: Discharge papers including; patient name; date of birth, medical record number; date of service, and a form, "Request for Hearing" regarding firearms. A certified letter dated 12/13/12 was sent to the patient regarding the breach. The Hospital Policy titled, Patient Information privacy Policy, dated 9/16/13, indicated, 2. Patient Authorization, "Tenet obtains the Authorization of the patient...on the Tenet Facility-approved Authorization To Use And Disclose Health information Form...c. Staff may not disclose information pursuant to an Authorization form without ensuring the validity of the Authorization form..."Refer to CA003311862. On 10/14/13 at 10:40 a.m., during an interview, the Hospital Compliance Officer (HCO) stated on 10/23/12, Patient 2's PHI was given to a patient with the same name by the Medical Records Clerk (MRC). Review of the medical record indicated the following Patient's PHI was given to the wrong patient: A copy of a Cardiology Report including; Name, date of birth, date of admission, account number, history, procedure in detail and findings from procedure. A letter was sent on 10/29/12 notifying Patient of the breach.The (Hospital) Policy and Procedure titled, Record Processing and Information Handling dated 9/16/13, III. Standard: A. Record Processing indicated; "Protected health information (PHI)...whether electronic or paper format, shall be protected from unauthorized disclosure...dissemination...It is expected all Users will maintain the confidentiality of this information."Refer to CA003343473. On 10/18/13 at 1:45 p.m., during an interview, the Hospital Compliance Officer (HCO) stated Patient 3's PHI was breached when his home medication bag was given to Patient 4 by Registered Nurse 1 (RN 1) during the discharge process on 11/10/12. Review of the medical record indicated Patient 4 was discharged from the hospital on 11/10/12, and given the home medication bag for Patient 3. Patient 3's PHI included: A patient sticker with name, date of birth, date of service and physician. There was 1 bottle of medication in the bag. A certified letter was sent to the Patient regarding the breach on 11/27/12. The (Hospital) Policy and Procedure titled, Patient's Personal Property dated 12/22/10, Purpose: "To delineate the procedure to ensure the safety of personal valuables...Procedure I. Personal belongings: A. At the time of admission,...items remaining with the patient are to be documented in detail in the electronic Nursing Admission Assessment...D. When patients are admitted to Critical Care areas: clothing and valuables are to be bagged and sent home with family...if available."Refer to CA003261094. On 10/11/13 at 11:00 a.m., during an interview, the Hospital Compliance Officer (HCO) stated that Patient 5's PHI was breached on 9/11/12, when Patient 6 was given a lab report belonging to Patient 5 by Registered Nurse 2 (RN 2).Review of the medical record indicated on 9/11/12, Patient 5's lab report was placed in Patient 6's discharge paperwork. Patient 5's PHI included name, medical record number, date of birth, lab results and date of service. A letter was sent to Patient 5 on 9/28/12 regarding the breach.The (Hospital) Policy and Procedure titled, Record Processing and Information Handling dated 9/16/13, III. Standard: A. Record Processing indicated; "Protected health information (PHI)...whether electronic or paper format, shall be protected from unauthorized disclosure...dissemination...It is expected all Users will maintain the confidentiality of this information."
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights