HIPAA Helper »
LOMA LINDA UNIVERSITY MEDICAL CENTER »
Jun 27, 2011

This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.

LOMA LINDA UNIVERSITY MEDICAL CENTER

11234 ANDERSON ST LOMA LINDA,CA 92354

Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on June 27, 2011. Also cited in 44 other reports.

Report ID: G7P911, California Department of Public Health

Reported Entity: LOMA LINDA UNIVERSITY MEDICAL CENTER

Issue:

Based on interview and record review the facility failed to maintain confidentiality of Patient A ' s protected health information (PHI) when his face sheet was inadvertently mixed in with Patient B ' s medical record, and sent via facsimile (fax) to her attorney. This had the potential to result in identity theft for Patient A.Findings:On 1/12/12 at 11:30 AM, an unannounced visit was made to the facility ' s corporate compliance office to investigate an entity reported breach of information on 6/13/11.During an interview with compliance staff 1, she stated, " Medical Records was copying Patient B ' s file to send to her attorney. They were also working on sending Patient A ' s PHI internally, when his face sheet was inadvertently mixed in with Patient B ' s packet. The packet was faxed to Patient B ' s attorney who forwarded it on to Patient B. She was the one who discovered the error. We sent a Letter of Attestation for Patient B to sign and return, along with Patient A ' s face sheet. "During interview with compliance staff 2, she reported that the face sheet contained the patient ' s name, address, date of birth, social security number, account and medical record numbers, insurance information, and his mother ' s information (since he was a minor), physician ' s contact information and Patient A ' s diagnosis.A review was done of the face sheet of Patient A, the letter sent to the mother of Patient A acknowledging his PHI had been faxed to the wrong person; and a copy of the attestation letter from Patient B which confirmed the above.A review was done of the personnel documents of the employee responsible for the error to verify that initial and ongoing training for handling PHI had been done. This was confirmed.Compliance staff 1 and 2 confirmed that a breach had occurred.

Outcome:

Deficiency cited by the California Department of Public Health: Patients' Rights

Do you believe your privacy has been violated? Here’s what you can do: