Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
SONOMA VALLEY HOSPITAL
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on October 24, 2012. Also cited in 10 other reports.
Report ID: DERW11, California Department of Public Health
Reported Entity: SONOMA VALLEY HOSPITAL
Issue:
Based on interview and record review, the facility failed to prevent unauthorized access and disclosure of a patient's (Patient 1) medical information when it was sent to the wrong physician. This failure allowed the unlawful or unauthorized access to patient 1's medical information. Findings:The California Department of Public Health was notified on 10/12/12 that a, breach of health information, occurred on 10/9/12.During an interview on 10/24/12 at 1 p.m., Medical Records Staff A stated that she received a phone call on 10/9/12, from Physician D's office, that they had received Patient 1's Emergency Room (ER) report in error. Physician B had originally requested that a copy of his ER report be sent to Physician C not Physician D. The Department was notified on 10/12/12.Medical Records Staff A also stated that, when the fax account was started with Business Associate E, the fax number entered for Physician C belonged to Physician D as originally provided to Business Associate E by the facility.Record review on 10/24/12 revealed that the facility Business Associate also sent a copy of Patient 1's ER report to Health Center E, at which Physician C worked.A review of the facility Policy and Procedure for, "Workforce HIPAA Regulations"(3/10), reveals the following: "POLICY The facility allows members of it's workforce to share protected health information with one another to the extent necessary to permit them to perform their legitimate functions of (sic) the Hospital's behalf. The facility will provide to the workforce an educational program on the facility's Policies and Procedures on privacy and confidentiality of patient health information... PROCEDURE A. TRAINING 1. Level and Content of Training Each workforce member has received training appropriate to his or her duties, focusing on the protected health information with which the member is likely to deal. Personnel that are involved with issues of confidentiality and disclosure every day have received training on a continuous basis".
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280