Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
ORANGE COUNTY GLOBAL MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on November 15, 2012. Also cited in 17 other reports.
Report ID: N2SE11.01, California Department of Public Health
Reported Entity: WESTERN MEDICAL CENTER SANTA ANA
Issue:
Based on interview and hospital document review, the hospital failed to prevent the unauthorized disclosure of protected health information (PHI) to unauthorized individuals for eight patients (Patients B, C, D, E, G, H, I, and J).Findings:1. On 5/7/12, the Department was notified a breach of Patient B's PHI had occurred on 5/3/12.On 5/3/12, an ETS staff was asked to evaluate a patient in the ED and to find a bed for the transfer of this patient. The ETS staff gathered the ED patient's medical documents and faxed them to an acute care hospital for evaluation. However, the results of a laboratory test belonging to Patient B was faxed with the ED patient's documents and received at the acute care hospital.Patient B's disclosed PHI included name, MR#, account #, DOB, gender, physician, ascension # and location. 2. Review of hospital documents showed a breach of Patient C's PHI occurred on 5/17/12.On 5/18/12, the hospital discovered while discharging a patient from the Labor and Delivery department, Patient C's addressograph was used to stamp the discharge instructions of another patient. The patient was discharged with Patient C's addressograph information on the discharge instructions.Patient C's disclosed PHI included name, MR #, and account #, physician and admission date.3. On 8/1/12, the Department was notified a breach of Patient D's PHI occurred on 7/27/12.On 7/27/12, Patient D was in the ED when his addressograph was mistakenly stamped on the Medication Reconciliation form belonging to another patient that was discharged.Patient D's disclosed PHI included name, DOB, age, and date of admission, MR #, account #, and physician's names.4. Review of hospital documents showed on 8/7/12, the Department was notified a breach of Patient E's PHI occurred on 8/5/12.While in the ED, the armband belonging to Patient E was inadvertently placed on another patient. This patient had blood drawn for laboratory tests, an EKG was done and no one noticed the patient had Patient E's armband and not his own.Patient E's disclosed PHI included name, MR # and account #, DOB, age date of service and admitting physician.5. On 8/23/12, the Department was notified a breach of Patient G's PHI occurred on 8/21/12.On 8/21/12, a hospital staff observed a hospital physician with an unidentified female in the control room of the computer system. Both were viewing images and the unidentified female was observed taking pictures of the images shown on the computer with her cell phone.Review of hospital documentation showed Patient G's CT scan was shown to the unidentified woman by a hospital physician. The unidentified woman was observed taking pictures of the computer images with her cell phone. The unidentified woman was Patient G's family member and also a physician. There was no documentation to show this family member was given permission by Patient G to view and/or take pictures of the CT scan images.Patient G's disclosed PHI included name, DOB, MR # and account #, physician name and admission date.6. Review of hospital documentation showed on 10/9/12, a breach of Patient H's PHI had occurred.On 10/9/12, a clinical review report was faxed by a CM to be sent to the patient's health insurance. However, it was faxed to another health insurance company.Patient H's disclosed PHI included name, DOB, SS # and admission date, MR #, Account # location and medical condition, medications, laboratory results and physician name.7. On 10/24/12, the Department was notified a breach of Patient I's PHI occurred on 10/16/12.On 10/16/12, Patient I was being admitted to the hospital by a physician. The same physician was discharging another patient. The physician accidentally wrote Patient I's name of the prescription for the patient that was discharged.Patient I's name was the disclosed PHI.8. Review of hospital documents showed on 11/20/12, the discharge prescription belonging to Patient J was incorrectly indexed onto another patient's MR. The other patient's MR was copied and released to the Risk Management department where the discharge prescription belonging to Patient J was found. At this time it was discovered the MR of this patient was also copied and released to an attorney's office on 1/26/12. Patient J's discharge prescription was included on the other patient's MR and sent to the attorney's office.Patient J's disclosed PHI included name, physician and medication with indications. On 2/20/13, contact with the hospital's HCO confirmed the breaches of PHI occurred as documented.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280