Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
SANTA CLARA VALLEY MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on November 24, 2014. Also cited in 90 other reports.
Report ID: 446N11, California Department of Public Health
Reported Entity: SANTA CLARA VALLEY MEDICAL CENTER
Issue:
Based on interview and record review, the hospital failed to prevent unauthorized disclosure of patients' medical information for 37 of 38 sampled patients (2 to 38) when Patient 1 gained possession of a document which contained patient names and diagnoses. This failure resulted in disclosure of medical information to an unauthorized individual. Findings:On 11/3/14 the California Department of Public Health received a complaint from Patient 1 indicating during her hospital admission of 10/29/14 nursing staff inadvertently left a form containing medical information for 37 patients in her room. Patient 1 retained the form on discharge. On 11/7/14 the California Department of Public Health received a faxed report which indicated the hospital identified an unauthorized disclosure of health information for 37 of 38 patients. The report indicated on 11/3/14 Patient 1 returned a piece of paper to the hospital customer service department which contained patients' protected health information. The piece of paper included a list of inpatients assigned to the Transitional Care and Neurology Unit (TCNU) on 10/30/14. The faxed report further indicated the list was used by TCNU nursing staff. Patient 1 had been admitted to the TCNU between 10/28/14 and 10/31/14. Patient 1 obtained the piece of paper during her inpatient stay and retained the document upon discharge.During an interview on 11/25/14 at 12:50 p.m., the hospital guest services representative stated Patient 1 had brought the document to guest services on 11/3/14.The representative stated the document was immediately turned over to the hospital compliance officer.The document was reviewed on the same date at 1:00 p.m. and contained the names and diagnoses of 38 inpatients, including Patient 1. During an interview on 12/3/14 at 10:00 a.m., Patient 1 stated the document with the patient names was left in her hospital room by nursing staff. Patient 1 stated she did not recall which staff member had left the document in her room. Record review on 12/4/14 at 8:15 a.m. of a copy of the notification letter sent to Patients 2 through 38 from the hospital dated 11/7/14 indicated: "We want to inform you that your medical information was accidentally disclosed... The information included some or all of the following concerning you: name, clinical hospital diagnosis."Record review on 12/4/14 at 8:30 a.m. of the hospital's policy dated 12/27/13 regarding "Workforce General Obligations Regarding Uses and Disclosures of Protected Health Information" indicated: "all workforce members must take reasonable steps to safeguard PHI from any intentional access, use, or disclosure that is in violation of this or any other policy."
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280