Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
Adventist Medical Center
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on November 27, 2013. Also cited in 29 other reports.
Report ID: FN8R11, California Department of Public Health
Reported Entity: ADVENTIST MEDICAL CENTER
Issue:
Based on staff interview and administrative document review, the hospital failed to keep Protected Health Information (PHI) confidential when Patient 1's PHI was faxed to an authorized recipient. This failure placed Patient 1's PHI at a potential risk for unauthorized use. Findings:On 11/27/13 during an interview, the Privacy Officer(PO)confirmed Protected Health Information for Patient 1 was faxed in error to an Insurance carrier instead of the Admitting office. PO stated that the employee involved in the breach pressed the wrong fax key when the breach occurred. The fax error was discovered and reported to the Privacy Officer on 9/26/13. A letter was sent out to Patient 1 informing her of the incident and the PHI disclosed. The PO stated the following PHI was breached: Patient name, date of birth, medical record number, phone number, physician prescription and diagnosis. On 12/27/13 during review of the facility policy and procedure number 1000.08.09 titled Confidentiality of Protected Health Information contained the following documentation: "[Facility's name] is committed to protecting the privacy and security of protected health information (PHI)...It is the policy to maintain confidentiality for patients and employees at all times and under all circumstances. ...Breach of patient confidentiality through carelessness is when patient information is unintentionally or carelessly accessed, reviewed, or revealed without a legitimate need to know the patient information." The facility's policy and procedure number 1000.03.14, titled "Faxing Patient Protected Health Information contained the following documentation: "It is the sender's responsibility to be aware of the content of the faxes they are sending, to exercise caution in faxing confidential information, and to take precautionary steps to: validate the fax number, key in correct fax number, confirm fax sent to correct fax number, as well as, request is appropriate and meets minimum necessary."
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights