Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
CORONA REGIONAL MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on July 13, 2015. Also cited in 19 other reports.
Report ID: ZH2S11, California Department of Public Health
Reported Entity: CORONA REGIONAL MEDICAL CENTER
Issue:
Based on interview and record review, the facility failed to prevent the unauthorized access and/or disclosure of Patient A's private health information (PHI), when Patient A's laboratory report was given to Patient B during discharge. This had the potential to result in the misuse of Patient A's private health information. Findings.:On July 13, 2015, at 11:30 a.m., an investigation was conducted on this entity reported incident. The Facility Director of Health Information Management (DHIM) was interviewed on July 13, 2015, at 11:30 a.m. The DIHM stated on July 6, 2015, an unauthorized disclosure of Patient A's PHI occurred when Patient A's PHI was given to the wrong patient, Patient B, during discharge in the emergency room. The recipient, Patient B, took the discharge papers with her to her follow-up appointment with her physician and the physician noted another patient's laboratory results were given to Patient B during discharge. The patient's caregiver had called the facility and notified them of the error. The caregiver agreed to shred the laboratory report as per the request of the Health Information Management Department (HIMD).On July 13, 2015, the letter sent to Patient A by the facility dated July 9, 2015, was reviewed. The letter indicated, "On June 6, 2015, it was discovered by the HIMD that a portion of your medical record, lab results, were released to another patient upon discharge. The patient's caretaker understood the importance of protecting your privacy, and she promptly notified the HIMD at the facility. The patient's caretaker assured the facility that your information would not be disclosed to any person(s). To the best of our knowledge, and by the assurance of the unintended recipient, the content of your medical information has not been disclosed to any other person(s).The information given to the unintended recipient is listed below:NameMedical record numberLaboratory results..."A review of the facility policy titled, "PHI Breaches, Emergency Room Action Plan-Discharge Instructions," revised, February 13, 2015, indicated, "The Emergency Department (ED) will utilize two patient identifiers to ensure the correct discharge instructions are given to the correct patient. Verify the patient's first and last name and have the patient tell you their birthrate...The registered nurse (RN) will highlight each page with a highlighter to confirm that every page of the discharge instructions belong to the patient that is being discharged...by signing the discharge paperwork the RN staff is confirming that they gave the patient their discharge instructions."The facility failed to maintain Patient A's PHI by giving the wrong patient, Patient B, Patient A's laboratory results without prior authorization from Patient A and or Patient A's caregiver.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280