This database was last updated in December 2015 and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.

CORONA REGIONAL MEDICAL CENTER

800 SOUTH MAIN STREET CORONA, CA 92882

Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on November 15, 2012. Also cited in 19 other reports.


Report ID: GD9M11.01, California Department of Public Health

Reported Entity: CORONA REGIONAL MEDICAL CENTER

Issue:

Based on interview and record review, the facility failed to prevent the unauthorized disclosure of Patient A's medical information. This failure had the potential to result in misuse of protected health information.

Findings:

On May 30, 2012, the facility reported to the Department of Public Health they discovered a potential unauthorized disclosure of protected health information. According to the notification, Patient A's information was given to Patient B (an unintended recipient) along with his discharge instructions.

An unannounced visit was made to the facility on November 15, 2012, at 9:30 a.m., to conduct an investigation into this entity reported incident.

In an interview with the Director of Health Information Management, on November 15, 2012, at 10:30 a.m., the Director stated the breach occurred when Patient A's paperwork was mixed in with Patient B's discharge instructions. The Director stated all the pages were not verified prior to giving the discharge instructions to Patient B.

On November 15, 2012, a letter sent to Patient A was reviewed. The letter, dated May 30, 2012, indicated a patient notified the facility he had received a copy of Patient A's laboratory report. The laboratory report included Patient A's: Name; Date of birth; Age; Sex; Account number; Medical record number; Lab results; and Treating physician.

The facility's policy titled "Confidentiality/Privacy," with a last reviewed date of May 2012, was reviewed on November 27, 2012. The policy indicated the facility was committed to make reasonable efforts to protect the privacy of patients' health information. The policy indicated PHI was individually identifiable health information that was transmitted or maintained in any form or medium.

Outcome:

Deficiency cited by the California Department of Public Health: Health & Safety Code 1280
