Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
SANTA CLARA VALLEY MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on August 20, 2014. Also cited in 90 other reports.
Report ID: 80V211.01, California Department of Public Health
Reported Entity: SANTA CLARA VALLEY MEDICAL CENTER
Issue:
Based on interview and record review, the hospital failed to prevent the theft of patient health information (PHI) for 17 of 17 sampled patients (1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, and 17), when a briefcase containing PHI was stolen from a hospital physician's (MD A) locked car. The failure resulted in disclosure of 17 patients' PHI, to an unauthorized individual(s). Findings:The California Department of Public Health received a faxed report on 8/6/13, which indicated, on 8/6/13, MD A's car had been burglarized, and a briefcase was stolen which contained PHI for 17 patients. PHI disclosed included patients' names, ages, and diagnoses or reason for visit, clinic name, and appointment times.During an interview on 8/20/14 at 12:20 p.m., the ethics and compliance officer (ECO) stated MD A's car had been broken into on Friday 8/2/13, and his briefcase stolen. The briefcase contained a schedule book of his appointments, with the names, ages, and diagnoses or reason for visits for 17 hospital patients. ECO stated MD A did not file a police report, but on Monday, 8/5/13, reported the theft of the schedule book to the hospital affiliated clinic.During an interview on 8/26/14 at 09:15 a.m., MD A stated he went to an event from work, and placed his briefcase in the passenger compartment of his car. MD A stated his car was stationed in a parking lot and someone broke a car window to get in, and took the briefcase, which was not locked. MD A stated it was late at night when he returned to his car, and he needed to return home, so he did not call the police. MD A also stated he had been able to print another schedule for the 17 patients, which indicated patient names, dates and times to be seen, medical record numbers, and possibly the reason for the appointment, e.g., diabetes follow-up, but no social security numbers were disclosed. A review of a copy of a letter dated 8/6/13, from the hospital to the affected patients, indicated MD A had reported his briefcase had been stolen on 8/2/13. Inside the briefcase was a schedule book of the patients MD A was to see. The disclosed information included patient names, ages, diagnoses/reason for visit, clinic name, and appointment times. A review of a copy of an electronic schedule for MD A, indicated patient names, ages, diagnoses or reason for visit, clinic name, and date and time of appointment had been disclosed for 17 patients.A review of a copy of the hospital's 10/15/09 "Safeguarding Protected Health Information" policy indicated, files and documents containing PHI must be adequately safeguarded against unauthorized access and disclosure.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280