HIPAA Helper »
SANTA CLARA VALLEY MEDICAL CENTER »
Aug 28, 2013

This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.

SANTA CLARA VALLEY MEDICAL CENTER

751 SOUTH BASCOM AVENUE SAN JOSE,CA 95128

Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on August 28, 2013. Also cited in 90 other reports.

Report ID: YLB611.01, California Department of Public Health

Reported Entity: SANTA CLARA VALLEY MEDICAL CENTER

Issue:

Based on interview and record review, the hospital failed to prevent unauthorized access to one patient's (Patient 1) medical information. Findings:On 5/15/13 the California Department of Public Health received a faxed report from the hospital compliance officer which indicated the hospital identified unauthorized access to Patient 1's protected health information.(PHI)During an interview on 8/28/13 at 11:00 a.m., the compliance officer stated Patient 1 had been seen in the outpatient clinic on 12/14/12. Patient 1 left without her discharge paperwork and Staff A gave Patient 1's paperwork to Staff B (a hospital employee related to Patient 1). The compliance officer stated Staff B realized she was not authorized to have access to Patient 1's medical information and reported the incident to her supervisor.During a record review on 8/28/13 at 11:20 a.m., Patient 1's discharge paperwork included a lab slip which contained Patient 1's name, date of birth, medical record number, the clinic where she was seen, her physician and the labs tests requested.During an interview on 9/5/13 at 1:40 p.m., Staff A stated Patient 1 left without her discharge paperwork after her appointment on 12/14/12. Staff A stated she was unable to notify Patient 1 by telephone and gave the paperwork to Staff B because she was Patient 1's family member. Staff A stated she realized Staff B was not authorized to access Patient 1's PHI.Record review on 9/5/13 at 1:30 p.m., of the hospital policy "Disclosures of Protected Health Information to Family and Friends: "Obtain the patient's verbal approval for disclosure of his/her PHI/ePHI and document the approval in the patient's medical record."

Outcome:

Deficiency cited by the California Department of Public Health: Health & Safety Code 1280

Related Reports:

2 other violations reported on the same date. Note that other citations may be about the same event: RD9011.01, RD9011.02

Do you believe your privacy has been violated? Here’s what you can do: