Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
SOUTH COAST GLOBAL MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on October 2, 2012. Also cited in 43 other reports.
Report ID: DE0011, California Department of Public Health
Reported Entity: COASTAL COMMUNITIES HOSPITAL
Issue:
Based on interview and hospital document review, the hospital failed to prevent the disclosure of seven patients' protected health information (PHI) to unauthorized individuals (Patients J, K, L, R, S, T, and U). Findings:1. On 2/2/12, the hospital discovered a breach of Patient J's PHI occurred on 2/1/12.The hospital's investigation showed on 2/2/12, a Nursing Supervisor was unable to locate documentation of Patient J's death in the morgue's log book. Another patient had been released to a mortuary a day prior. The mortuary was contacted and was asked to check the documentation sent with the patient. The mortuary confirmed they also had the death record belonging to Patient J. The PHI disclosed, belonging to Patient J, included name, cause of death, age, date of birth, date of death and name of physician. 2. On 2/10/12, the hospital discovered a breach of Patient K's PHI occurred on 2/7/12.The hospital's investigation showed on 2/7/12, an Emergency Department staff nurse inadvertently placed Patient K's laboratory results in another patient's medical record. The medical record was photocopied when the other patient was transferred to another hospital and Patient K's laboratory results were sent with the other patient's documents. Patient K's disclosed PHI included name, date, medical record number, account number, age, sex, procedure tests performed and laboratory test results.3. On 2/23/12, the hospital was aware a breach of Patient L's PHI occurred on 2/22/12.The hospital's investigation showed a Medical Records staff member attempted to fax documents belonging to Patient L to the attending physician. However, a private citizen called the hospital's Medical Record Department to inform them the documents belonging to Patient L were faxed to his private fax machine. The hospital found the staff member transposed the last two numbers when dialing the fax number. The hospital confirmed the staff member failed to confirm the fax number for accuracy before the document was sent.Patient L's disclosed PHI included the fax cover sheet, procedure note containing the patient's name, medical record number, date of and the type of procedure, including the results of the procedure with a diagnosis. 4. On 4/18/12, the Department was notified an investigation was initiated concerning a breach of Patient R's PHI.Hospital documentation showed Patient R was seen in the Emergency Department on 4/12/12. During that time, Patient R's addressograph was used to stamp another patient's discharge After Care Instructions form. Patient R's PHI disclosed included name, date of birth, medical record number, account number, age, sex, date of admit and the physician's name.5. On 4/24/12, the hospital became aware of the unauthorized disclosure of Patient S's PHI. Review of hospital documentation showed Patient S was seen in the Emergency Department on 4/20/12. While in the Emergency Department, Patient S's addressograph was used to stamp another patient's discharge After Care Instructions form. The hospital's investigation showed Patient S's PHI disclosed the patient's name, date of birth, sex, physician name, date of admission and the account and medical record numbers. 6. On 4/30/12, the Department was notified a breach of Patient T's PHI occurred.On 4/24/12, a hospital staff was scanning another patient's information to Bridges Connect System. However, a referral authorization form belonging to Patient T was accidentally scanned as well.Patient T's PHI disclosed included the patient's name and date of birth, as well as the patient's mother's name.7. On 5/2/12, while in the Emergency Department, Patient U's name was typed onto another patient's discharge instructions.On 5/7/12, the Department was notified Patient U's PHI disclosed included name, account number, and physician's name. During a telephone interview on 11/15/12 at 1400 hours, the hospital's Compliance Officer confirmed the unauthorized disclosure of PHI belonging to Patients J, K, L, R, S, T, and U.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280