Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
CLOVIS COMMUNITY MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on November 1, 2013. Also cited in 27 other reports.
Report ID: F8OB11, California Department of Public Health
Reported Entity: CLOVIS COMMUNITY MEDICAL CENTER
Issue:
Referred to CA00345823Based on interview, clinical record and administrative document review, the hospital failed to protect patient confidential information when Patient 1's lab label was given to Patient 2 in error. This failure caused the breached of Patient 1's protected health information (PHI) and possible unauthorized use.Findings:On 11/1/13 at 10 a.m., the Privacy Officer (PO) indicated that RN 1 had given Patient 1's lab label to Patient 2 in error on 3/4/13. The PO stated, "RN 1 inadvertently gave Patient 1's lab label to Patient 2. Patient 2 realized the label was not in her name, she gave it back RN 1 and it was shredded." The PO indicated that the label contained name, date of birth, medical record number, and account number. Referred to CA00345838Based on interview, clinical record and administrative document review, the hospital failed to protect patient confidential information when Patient 3's lab label was given to Patient 4 in error. This failure caused the breached of Patient 3's protected health information (PHI) and possible unauthorized use.Findings:On 11/1/13 at 10:30 a.m., during interview the PO indicated Patient 3's arm band was applied to Patient 4's arm in error. The PO stated, Staff 1 applied Patient 3's arm band to Patient 4 during registration in the emergency department. Patient 4 went to have x-ray done, it was detected that she had someone else's arm band on.The PO indicated the following information was on the arm band: name, date of birth, medical record number, and account number. The hospital policy and procedure titled "HIPAA General Rules for the Use and Disclosure of PHI" dated 4/18/12 indicated, "III: A. It is the policy of CMC (Community Medical Centers) to protect the privacy and security of patients information and to comply with applicable laws and regulations. III Guidelines: B. CMC Privacy Policies and Procedures: 1. CMC and its workforce members must comply with ... state and federal laws and regulations."
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights