Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
LAC/OLIVE VIEW-UCLA MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on December 17, 2014. Also cited in 6 other reports.
Report ID: 97FV11, California Department of Public Health
Reported Entity: LAC/OLIVE VIEW-UCLA MEDICAL CENTER
Issue:
Based on interview and hospital document review, the hospital failed to prevent the unauthorized disclosure of 31 patients' (Patients Aa, Ab, Ac, Ad, Ae, Af, Ag, Ah, Ai, Aj, Ak, Al, Am, An, Ao, Ap, B, C, D, Fa, Fb, Fc, Fd, Fe, Ff, Fg, Fh, Fi, Fj, G and H) protected health information (PHI).1. Review of hospital documentation showed a list of 16 patient names, used to confirm the presence and location of the patients admitted to the particular unit, was lost on 4/28/12.The hospital's investigation showed during visiting hours a package of clothing for a patient was placed on top of the clip board that held the patient list. The clip board was found in the patient's room but the list was not present. After a thorough search the list was not found. The list was suspected to be discarded into the regular trash by the patient. The hospital's name was not identified on the list.Patients Aa to Ap's disclosed PHI included name, room number and an hourly location on the unit.2. Review of hospital documentation showed a breach of Patient B's PHI occurred on 5/13/12. Documentation showed a physician inadvertently left a voicemail regarding Patient B's medical condition on an incorrect person's voicemail.Patient B's disclosed PHI included physician's name, patient's first name, medical condition, recommended course of treatment.3. Review of hospital documentation showed a patient authorized a copy of their medical records to be sent to the Department of Rehabilitation. On 3/29/11, while processing the request staff inadvertently included a page of Patient C's medical record in the package sent to the Department of Rehabilitation.Patient C's disclosed PHI included name, medical record number, date of birth (DOB), diagnosis and admission dates.4. Hospital documents showed a breach of Patient D's PHI occurred on 7/3/12. A request was made by a patient to have a copy of their medical record sent to a public social service agency for disability determination. However, when a staff was processing the request Patient D's medical record was selected, scanned and sent to the public social service agency in error. The requesting patient and Patient D's medical record number differed by just one digit.Patient D's disclosed PHI included name, medical record number (MR#), DOB and the patient's current medical history.5. Review of hospital documents showed on 3/12/13, the hospital determined a microcassette containing pathologist's dictation of gross (large) specimen analysis was removed from the box in which it was placed for pick up by the Pathologist Department transcriptionist (report writer). The box was in a locked area. There were pathology reports belonging to 10 patients.Patients Fa, Fb, Fc, Fd, Fe, Ff, Fg, Fh, Fi and Fj's disclosed PHI included names, MR#'s, sample types and gross description of samples.6. On 3/29/14, the hospital's Compliance Officer was notified a breach of Patient G's PHI occurred. Review of the hospital documentation showed a nurse disclosed some of the patient's medical information in front of a family member who was not aware of the patient's condition. Patient G's disclosed PHI included the patient's drug use.7. Review of hospital documentation showed on 7/11/14, a breach of Patient H's PHI occurred. Another patient requested a copy of their own medical record for services in December 2010, to take to a provider at another facility. When the patient's current provider reviewed the documents, there were some pages that belonged to Patient H. The hospital determined a staff in the Health Information Management Department inadvertently included some of Patient H's medical information when preparing the other patient's request.Patient H's disclosed PHI name, DOB, MR#, diagnoses, medical consultation with the rationale for the consultation, medications and exams with the results of the exams.On 12/23/14 at 1100 hours, an informal telephone conference with the Compliance Officer confirmed the breaches of PHI occurred as documented.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280