Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
REDLANDS COMMUNITY HOSPITAL
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on November 12, 2014. Also cited in 9 other reports.
Report ID: 99ET11, California Department of Public Health
Reported Entity: REDLANDS COMMUNITY HOSPITAL
Issue:
Based on interview and record review, the facility failed to ensure the confidential treatment of Patient B's protected health information (PHI) when a Registered Nurse (RN 1) gave Patient B's medication reconciliation document to Patient A. This resulted in an unauthorized disclosure of Patient B's PHI.Findings:On December 2, 2014 at 10:00 AM, a phone interview was conducted with the Privacy Officer regarding an entity reported incident of a breach of Patient B's PHI detected by the facility on August 19, 2014. The Privacy Officer stated that RN 1 gave Patient B's medication reconciliation document which contained Patient B's name, date of birth, account number, allergies, medication names, and vaccinations to Patient A. The Privacy Officer stated that RN 1 caused the breach by removing Patient B's document from the printer and without verifying for correct information, gave the document to Patient A upon discharge.The Privacy Officer stated that Patient B was notified of the breach of PHI on August 22, 2014.On December 18, 2014 at 3:00 PM, a phone interview was conducted with RN 1. RN 1 stated that she had instructed Patient A to sign the discharge documents she prepared for Patient A and noticed that the medication reconciliation document belonged to Patient B. RN 1 stated that Patient A was provided with her correct document but she failed to remove the medication reconciliation document which belonged to Patient B. RN 1 stated she made a "honest mistake."A copy of the letter sent to Patient B, dated August 22, 2014, informing him about the breach of PHI was reviewed.A review of Patient B's medication reconciliation document titled "Discharge Patient Medication List" indicated the PHI of Patient B included his name, date of birth, account number, allergies, medication names, and vaccinations.A review of RN 1's educational documents indicated training in patient privacy & corporate compliance, medication reconciliation, and HIPAA. A document titled "Confidentiality Statement" was signed by RN 1 and dated March 31, 2014.A review of the facility's policy and procedure titled "Policy No. PPS-AD.02.050 Safeguarding PHI" indicated "(name of facility) will comply with all state and federal regulations regarding the safeguarding of physical and electronic forms of PHI. Staff will be provided appropriate access to patient information based on a need-to-know basis while preserving its confidentiality and integrity. All Departments will be responsible for the protection of the confidentiality of PHI and sensitive information."The facility failed to ensure the privacy and confidentiality of Patient B's medical document resulting in an unauthorized release of Patient B's PHI.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights