Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
COMMUNITY REGIONAL MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on October 5, 2012. Also cited in 62 other reports.
Report ID: GYDS11, California Department of Public Health
Reported Entity: COMMUNITY REGIONAL MEDICAL CENTER
Issue:
Based on staff interview, clinical record and administrative document review, the hospital failed to protect patient confidential medical information when Patient 1's medications and admission and discharge information were given to Patient 2's family. This failure caused the breach of Patient 1's protected health information (PHI) and possible unauthorized use. Findings:On 9/4/12 at 8:07 a.m., the department received a fax from the hospital that indicated patient's medications were given to another patient's family in error.On 10/5/12 at 9:06 a.m., during an interview, Privacy Officer (PO) 1 stated Registered Nurse (RN) 1 mistakenly gave Patient 1's discharged medications list and discharge instructions to Patient 2's family in error. PO 1 stated that during patient discharge process, RN 2 retrieved Patient 1's medications and admission information, handed them to RN 1, and RN 1 gave them to Patient 2's family.On 10/5/12 at 10:17 a.m., during interview and concurrent record review, PO 1 indicated that on 8/27/12 Patient 2 was discharged to a local nursing facility. PO 1 further indicated, Patient 1's medications and admission information were given to Patient 2's family. Patient 2's family realized the medications and admission information did not belong to Patient 2. PO 1 stated, Patient 2's family returned the medications and the admission information the following day. Patient 1 was informed about the breach of PHI.The clinical record for Patient 1 was reviewed on 12/6/12. Patient 1's clinical record contained name, date of birth, address, medical record number, payment source, diagnoses, and list of medications. The hospital policy and procedure titled "Confidentiality/Breach of Information," dated 8/17/10, contained the following information: "III. Policy: A. It is the policy of CMC [Community Medical Centers] to protect the privacy and security of patient information and to comply with applicable laws and regulations. B. This policy applies to all CMC workforce members, which includes employees, trainees, students, volunteers, and other designated persons."
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights