Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
COMMUNITY HOSPITAL OF SAN BERNARDINO
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on October 1, 2012. Also cited in 46 other reports.
Report ID: ZSPW11.01, California Department of Public Health
Reported Entity: COMMUNITY HOSPITAL OF SAN BERNARDINO
Issue:
Based on interview and record review the facility failed to safeguard the protected health information (PHI) of Patient A when the medical records (MR) clerk handed a record to the mother of another patient with the same last name without verifying who she was on the record contents. This had the potential for important clinical information getting to Patient B's physician, and placed Patient A at risk for identity theft.FindingsOn 10/1/12 an investigation was initiated on an entity report of a possible breach of information inthe MR department involving Patient A.During a phone interview on 10/1/12 at 2:00 PM, with the facility privacy officer (FPO), she stated, "The mother of Patient B came to pick up his medical records. The MR clerk went to where records are pulled and kept when a request has been received. The MR clerk saw the last name and did not verify that it was the correct first name. She also failed to identify the person who was picking up the records who in this case had a different last name. When the mother looked at the records a few days later, she realized they did not belong to her son and returned them to the facility."A review of the facility's policy and Procedure (P&P) titled,"Protected Health Information (PHI), transfer of , dated 8/12, indicated that there were to be two staff members when records were released. "The first staff member will verify that all documents belong to the correct patient and do not contain and other patient's information. The second staff member will independently verify that the documents belong to the correct patient and do not contain any other patient's information. ...Place copy of PHI -transfer Verification Log in back of log binder."The FPO stated, "[Used clerk's name] did not follow the policies and procedures to prevent a breach. We notified Patient A that the following was contained in the file provided to the mother of Patient B:a. Facesheet (included name, date of birth , address, social security, diagnoses)b. History and physical c. Patient Education Assessmentd. Nutritional Risk Screene. Physician Ordersf. Pre-operative checklistg. Immediate post-procedure noteh. Pre and post anesthesia recordi. Report of operation including pathology and x-ray reportsj. Nursing Notes.k. discharge instructions and consent forms.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights