Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
CONTRA COSTA REGIONAL MEDICAL CENTER
Cited by the California Department of Public Health for violations of California’s Health and Safety Code relating to medical privacy during an inspection that began on February 14, 2012. Also cited in 103 other reports.
Report ID: DH9X11.02, California Department of Public Health
Reported Entity: CONTRA COSTA REGIONAL MEDICAL CENTER
Issue:
Based on interview and record review, the hospital failed to protect the confidential medical information of 4709 patients (Patients 1-4709) of 4709 patients reviewed, as evidence by: Protected patient information contained in a meeting agenda report and pertaining to 4700 patients was published on a public website on the Internet (Patients 10-4709),Following healthcare visits, protected patient information pertaining to Patients 1, 2, 4, 5, 6 and 9 was disclosed to other patients;Patient 3's lab result was mailed to another patient. Patients 7 and 8 had their protected information disclosed to another patient when their discharge papers were given to that patient by staff. These failures caused patients loss of dignity and privacy, and placed them at risk for identity theft. Findings:Review on 2/24/12 of facility policy "Safeguarding Protected Health Information", dated 4/14/2003 and revised 7/1/2010, showed that the policy instructed staff, " Workforce members must take precautions to prevent the unauthorized access, use, or disclosure of health system identification card itself, any document embossed with this information, or any document with this information written on any part of it. " The policy further instructed staff that they, " must be very careful to give the correct health system identification cards and paperwork to the proper patient. "During an onsite visit and interview with the hospital privacy officer (PO) on 2/23 and 2/24/12 the following were noted:1. On 11/23/11, the hospital was made aware that a report attached to a meeting agenda was posted on line, on the Internet. Included in this report were the names, the account numbers and the amount to be discharged as uncollectable of 4700 individuals who had received health care delivered by the hospital. Review on 2/24/12 of a copy of the "Health Services Write -Off Report " showed 83 pages listing patient names, account numbers, and payment balances.2. On 11/29/11 a patient reported that he was given, after a clinic visit, a prescription and other patient information pertaining to Patient 1. Both patients had a clinic visit on the same day. 3. On 11/30/11, Patient 2's clinic appointment paperwork containing demographic information was given to another patient, due to an error made by staff employed by the hospital/clinic. 4. On 12/2/11, a patient phoned an outpatient clinic to advise the staff that she had mistakenly received a lab result notification in the mail that belonged to Patient 3. The lab result contained Patient 3's name, age, sex, phone number, account number, and test results.5. On 12/5/11, staff gave a lab order slip belonging to Patient 4 to another patient. PO explained that the order slip contained Patient 4's name, age, sex, birthdate, medical record number, phone number and primary care physician ' s name. 6. On 12/15/11, staff gave a patient the lab requisition form embossed with Patient 5's medical ID (Identification) card after a clinic appointment. Both patient had been seen at the clinic on 12/5/11. Review of the " Outpatient Lab Order Sheet ", dated 12/15/11 showed Patient 5' s first and last name, birthdate, sex, phone number and medical record number, in the right upper corner of the page.7. On 1/13/12, staff gave the appointment slip embossed with Patient 6 ' s medical ID (Identification) card to another patient. The error was discovered on 1/18/12 when the patient who received the slip arrived for appointment instead of Patient 6. PO explained that both patients have same first and last name just different middle name and that both patients were seen at the same clinic on 1/13/12. PO further explained that the appointment slip typically has the patient's first, middle and last name, medical record number, primary care provider ' s name and information about the future appointment. 8. On 12/10/12, staff gave three pages of notes with medical information pertaining to Patient 7 and Patient 8 to another patient who was discharged from the hospital. The error was discovered on 1/22/12 when the patient who received the three pages, returned them to her physician. 9. On 1/4/12 staff gave Patient 9's appointment reminder slip to another patient. PO explained that both patients were seen in the same clinic on 1/4/12 and that the appointment slip typically has the patient's first, middle and last name, medical record number, primary care provider ' s name, and information about the future appointment.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights