Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
LAC/HARBOR-UCLA MED CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on November 5, 2012. Also cited in 2 other reports.
Report ID: UFL811.01, California Department of Public Health
Reported Entity: LAC/HARBOR-UCLA MED CENTER
Issue:
Based on interview and record review, the hospital failed to maintain the confidentiality of the protected health information (PHI) of Patients A and B. This resulted in the patient's protected health information being available to persons without the patient's permission.Findings:1. The Department of Public Health was notified by the hospital on 10/8/10, a licensed nurse posted a message on her Facebook page discussing her feelings with other co-workers regarding Patient A's death. The hospital's Privacy Officer was interviewed on 11/6/12 at 0915 hours. The Privacy Officer stated an employee informed the hospital of the nurse's Facebook post. The Privacy Officer stated the nurse's initial post on Facebook did not include identifying information for Patient A; however, four other nurses also posted on the message. The ensuing discussion included information about the patient such as the initials of the patient, symptoms of the illness, the patient's diagnosis, and room number in the hospital.The Privacy Officer stated, when interviewed, the five nurses involved admitted to the Facebook discussion and the breach was verified with a screen shot of the Facebook post. 2. The Department of Public Health was notified by the hospital on 6/20/12, one of it's employee's was suspected of inappropriately accessing the medical record of Patient B, also a hospital employee.The hospital's Privacy Officer was interviewed on 11/6/12 at 0930 hours. The Privacy Officer stated Patient B reported concerns on 6/14/12, that her medical records may have been accessed by a co-worker while she was a patient in the hospital. Results of an audit trail confirmed the employee had accessed Patient B's information when the employee was not involved in the patient's care. The information accessed included Patient B's medical number, account number, date of birth, past medical history and reason for the hospital visit.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280