Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
ARROWHEAD REGIONAL MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on March 10, 2015. Also cited in 9 other reports.
Report ID: HVE911, California Department of Public Health
Reported Entity: ARROWHEAD REGIONAL MEDICAL CENTER
Issue:
Based on phone interview and record review, the facility failed to ensure the confidential treatment of protected health information (PHI) for Patient A, when a registered nurse (RN1) gave Patient A's admission orders to Patient B upon discharge. This failure resulted in the unauthorized release of patinet A's PHI to Patient B.Fidings:CDPH verified that the facility informed the affected patient or the patient's representative of the unlawful or unauthorized access, use or disclosure of the patient's medical information within 15 business days as required.On March 10, 2015 at 8:45 AM, a phone interview was conducted with the Privacy and Security Officer regarding an entity reported incident of a breach of PHI for Patient A, on February 12, 2015. The (PO) stated that Patient A's admission orders were given with Patient B's discharge instructions by a Registered Nurse (RN1). The PO stated the normal discharge process is to verify the patient's identity by using two patient identifiers, double checking the paperwork and the RN signs the discharge instructions. The RN 's signature signifies the discharge instructions have been explained, and given to the correct patient as part of the verification process.On March 20, 2015 at 3:28 PM, a phone interview was conducted with RN 1. RN 1 stated that she did give Patient B's discharge instructions to Patient B. RN 1 stated she went through all the discharge paperwork with Patient B and there was no way that she gave Patient B, Patient A's paperwork. Furthermore, RN 1 stated she checked all the discharge documents and she had to sign each page of the discharge instructions. RN 1 stated, "I did not give her paperwork that was not hers (Patient B). I am positive",When asked how was she sure she did not give Patient B, Patient A's documents, RN 1 stated "because I have to sign each page." RN 1 said "that her suspicion was that Patient B was on the look out to get any other paperwork, and that she does not know how Patient B got a hold of Patient A's paperwork.".During a review of the documentation that had been disclosed to Patient B, the document contained Patient A's name, date of birth, medical record number, medical provider, date of visit, general condition, diagnosis, gender and medications.A review of the facility's policy and procedure titled, "Uses and Disclosure of Protected Health Information," dated October 28, 2010, indicated, "It is the policy of ( Name of facility) that an individual's identifiable protected information (PHI) only be used ....with the expressed permission of the patient .....The purpose of this policy is to assure individuals identifiable protected health information contained in any ( Name of facility) medical record ....is only used or disclosed for its intended purposes .... " The failure of RN1 to verify that all discharge instructions belonged to the intended recipient, Patient B, resulted in the unauthorized release of Patient A's PHI to Patient B.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights