Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
UNIVERSITY OF CALIFORNIA SAN FRANCISCO MEDICAL CENTER
Cited by the California Department of Public Health for violations of California’s Health and Safety Code relating to medical privacy during an inspection that began on November 22, 2013. Also cited in 108 other reports.
Report ID: O0Y911.01, California Department of Public Health
Reported Entity: UCSF MEDICAL CENTER
Issue:
Based on interview and record review the facility failed to inform the Patient 1, Patient 2 and Patient 3 of unauthorized access to their medical information within the required five business days when the breach of medical information letter sent to patients was dated past the 5five day grace period as follows:Patient 1 - 2 days latePatient 2 - 2 days latePatient 3 - 4 days lateFindings:1. CA00347612 Patient 1During an interview on 11/22/13 at 2:20 PM, the hospital's Privacy Analyst (PA1) stated that Patient 1's Operative Report was faxed to the incorrect provider (MD1). PA1 stated the hospital was notified of the mistake on 10/15/13 by fax from MD1 who stated there was no patient by that name in their system. Record review indicated a faxed letter, dated 10/24/13 notifying the California Department of Public Health of the breach of Patient 1's protected health information.Record review indicated a letter, dated 10/24/13 notifying the patient of the breach of his/her protected health information.The hospital was two days late in notifying CDPH after the five day grace period had ended. 2. CA00374618 Patient 2During an interview on 11/22/13 at 2:20 PM, the hospital's Privacy Analyst (PA1) stated that Patient 2's Procedure Note was faxed to the incorrect provider (MD2). PA1 stated the hospital was notified of the mistake on 10/15/13 by fax from MD2 who sent the fax back to the referral service.Record review indicated a faxed letter, dated 10/24/13 notifying the California Department of Public Health of the breach of Patient 2's protected health information.Record review indicated a letter, dated 10/24/13 notifying the patient of the breach of his/her protected health information.The hospital was two days late in notifying CDPH after the five day grace period had ended. 3. CA00373828 Patient 3 During an interview on 11/22/13 at 2:20 PM, the hospital's Privacy Analyst (PA2) stated that Patient 3's Procedure Note was faxed to the incorrect provider (MD3). PA2 stated the hospital was notified of the mistake on 10/7/13 by fax from MD3 who sent the fax back indicating, "Not Dr. (name) patient"Record review indicated a faxed letter, dated 10/18/13 notifying the California Department of Public Health of the breach of Patient 3's protected health information. Record review indicated a letter, dated 10/17/13 notifying the patient of the breach of his/her protected health information.The hospital was four days late in notifying CDPH after the five day grace period had ended.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280