Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
DOCTORS MEDICAL CENTER
Cited by the California Department of Public Health for violations of California’s Health and Safety Code relating to medical privacy during an inspection that began on February 10, 2012. Also cited in 64 other reports.
Report ID: O4DH11.01, California Department of Public Health
Reported Entity: DOCTORS MEDICAL CENTER
Issue:
Facility detected the Breach of Patient Health Information on 11/30/09.Facility reported the Breach of Patient Health Information to the Department on 12/7/09.Facility notified Patient A of the Breach of Patient Health Information on 12/4/09.Based on staff interview and review of facility documents, the facility failed to prevent the unauthorized disclosure of Patient A's health information (PHI) when the facility's case manager (CM) faxed Patient A's transfer information to a skilled nursing facility (SNF) and the PHI was also transmitted to an out of town business. Additionally, the facility failed to report an incident of unauthorized disclosure of a patient's medical information to the Department within 5 calendar days.Findings:1. On 2/10/12 at 2:13 p.m., the facility's investigation of the incident was reviewed with the Compliance Officer (CO). Plans were being made to transfer Patient A to a nursing home. A review of the investigation showed that Patient A's PHI was successfully faxed by the CM to the SNF, however, the PHI was also transmitted to an out of town business. Documents faxed to the business contained Patient A's transfer forms and discharge medication list. On 2/10/12 at 2:35 p.m., the CO stated that her investigation showed that the information had been faxed by the facility's case manager (CM) and that the SNF received the information. The CO had requested the assistance of the facility's telecommunication manager, because the error was discovered to be within the facility phone system and not an error by the CM. The CO stated that they were unable to identify the cause of the error and the telecommunications department blocked the business from receiving any other faxes sent by the facility. 2. On 2/10/12 at 2:13 p.m., the facility's investigation of the incident was reviewed with the Compliance Officer (CO). Plans were being made to transfer Patient A to a nursing home. A review of the investigation showed that Patient A's PHI was successfully faxed by the CM to the SNF, however, the PHI was also transmitted to an out of town business. Documents faxed to the business contained Patient A's transfer forms and discharge medication list. The facility became aware of the incident on 11/30/09 and the Department received a notification by mail on 12/7/09 (2 days after the incident should have been reported).On 2/10/12 at 1:45 p.m., the facility's Compliance Officer (CO) was asked if they were aware of the 5-day reporting component and she stated, "Yes, but during that time all of the incidents were sent to their corporate headquarters for review prior to reporting."
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280