Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
COMMUNITY HOSPITAL OF SAN BERNARDINO
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on June 26, 2014. Also cited in 46 other reports.
Report ID: NW9N11.01, California Department of Public Health
Reported Entity: COMMUNITY HOSPITAL OF SAN BERNARDINO
Issue:
XXXXXXX Based on interview and record review, the facility failed to ensure the confidential treatment of Patient B's protected health information (PHI), when an Emergency Department Registered Nurse (RN 1) released the prescription to Patient A, that contained the name and date of birth (DOB) for Patient B at the time Patient A was discharged from the emergency department (ED). This resulted in a breach of PHI for Patient B.Findings:On July 2, 2014 at 4:15 PM, a telephone interview was conducted with the Facility Privacy Officer (FPO) regarding an entity reported incident of a breach of PHI for Patient B, that occurred on March 1, 2013. The FPO stated "The ED physician wrote Patient B's name and DOB on a prescription which was intended for Patient A. RN 1 discharged Patient A on March 1, 2014 at approximately 9:34 PM with a prescription that contained Patient B's name and DOB. Patient A returned to the ED on March 2, 2014 and notified ED staff that she was unable to fill her prescription because it had the name and date of birth of another patient."The FPO further stated that "apparently RN 1 did not do a double check with armband of patient with information being provided to make sure it was the correct patient." During a review of the documentation that had been given to Patient A, it was noted that the prescription contained PHI for Patient B that included the name and DOB. A review of the facility policy and procedure titled, "Data Security Policy", dated January 2012 indicated:"The purpose of this policy is to implement certain aspects of (facility name) privacy principles and applicable federal and state laws in order to comply with the Health Insurance Portability and Accountability Act (HIPAA) and other federal and state laws governing protection of confidential information.""3. Information or electronic data: entered into, received by, printed from, transmitted over or through, processed by, stored on, or in any way involved with an electronic information asses, regardless of media."The failure to ensure that the prescription contained only Patient A's PHI resulted in the unauthorized release of Patient B's PHI to Patient A.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights