Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
CLOVIS COMMUNITY MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on May 30, 2014. Also cited in 27 other reports.
Report ID: BG4N11.01, California Department of Public Health
Reported Entity: CLOVIS COMMUNITY MEDICAL CENTER
Issue:
Based on staff interview, clinical and administrative document review, the facility failed to keep Protected Health Information (PHI) confidential when:1) Billing information for services provided to Patient 1 (P 1) was mailed to the wrong address. (CA00399832)2) Patient 2's (P 2) electronic medical records (EMR) were accessed by an employee of a medical doctor (MD), without a business need to know. (CA00395245).These failures placed the PHI for Patient 1 and Patient 2 at risk for possible unauthorized use.Findings:CA003998321) On 5/30/2014 at 1:17 p.m., during a telephone interview, the Privacy Officer (PO) stated P 1's (who is a minor) billing information was mailed to the wrong address. The PO stated this error occurred because the Admitting Clerk (AC) failed to select the correct guarantor for P 1 at the time of registration. The PO stated a list of names is shown on the computer screen and the AC should have verified with P 1's guardian that he was selecting the correct patient.Patient 1's PHI breached included: name and account number.CA003952452) On 5/30/2014 at 1:24 p.m., during a telephone interview, the Privacy Officer PO stated Medical Doctor 1 (MD 1) shared his password with his office manager so that office manager could access P 2's medical records to obtain insurance information in preparation for a court case. The PO stated MD 1 should have had an attorney subpoena the medical records.Patient 2's PHI breached included : name, dated of birth, gender, address, phone number, medical record number, account number, clinical information, and insurance information.The Hospital's Policy and Procedure titled, "HIPAA General Rules for the Use and Disclosure of PHI" dated 4/18/12 indicated, "Protected health information includes any information received, created or maintained by... in which the patient is... identified, regardless of whether the information is in oral, paper or electronic form. It is the responsibility of all ... workforce members to comply with policies and procedures."
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights