Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
CORONA REGIONAL MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on January 25, 2013. Also cited in 19 other reports.
Report ID: 8Z5211.01, California Department of Public Health
Reported Entity: CORONA REGIONAL MEDICAL CENTER
Issue:
Based on interview and document review, the facility failed to ensure their (PHI) Protected Health Information was not disclosed to any entity not authorized to receive the information. This failed practice resulted in unauthorized access to Patient A's demographic information, and medical records.Findings:On January 25, 2013, a visit was made to the facility to investigate a self-reported breach of PHI (protected health information). An interview was conducted with the facility's Director of Health Information Management (DHIM), on January 17, 2013, at 10:30 a.m. The DHIM stated the breach occurred on November 23, 2011, in the Home Health Department. The DHIM stated the home health staff received their patient assignments through fax. The home health department fax the employees the patient's face sheet and registration sheet containing the patient's demographic information, account numbers, treating physician's name, and diagnosis. The breach occurred when a occupational therapist changed her fax number. The new fax number was assigned in error to two individuals. As a result, when the home health scheduler faxed the information to the occupational therapist, the other person also received the PHI in error. The facility's policy and procedure titled, "Information Management," was reviewed. The policy indicated the hospital was, "Committed to make reasonable efforts to protect the privacy of patient's health information, and to comply with all applicable federal and state laws that protect the privacy and security of patient health information..." The facility failed to ensure Patient A's Protected Health Information was not disclosed to any entity not authorized to receive the information.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280