Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
DOCTORS MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on August 20, 2012. Also cited in 64 other reports.
Report ID: XRLB11, California Department of Public Health
Reported Entity: DOCTORS MEDICAL CENTER
Issue:
Based on staff interview and administrative document review, the hospital failed to keep Protected Health Information (PHI) confidential when:1. Patient 1's PHI was mistakenly given to the wrong patient on discharge.2. The PHI for Patient 3 was mailed to an insurance company in error and without authorization. These failures placed the PHI for Patients 1 and 2 at risk for possible unauthorized use.Findings:Refer to CA00317985 1. On 8/20/12 at 1:10 p.m., during a interview, Staff 1 (Privacy Officer) stated on 6/26/12 Staff 2 (Registered Nurse from the Emergency Department) mistakenly placed Patient 1's PHI in the wrong discharge packet and was given to Patient 2 in error. Staff 1 stated the PHI consisted of Patient 1's name, patient ID, date of birth, medical record number, account number, presenting complaint, history, vitals, physician, and orders to psychiatric services and laboratory results. The facility policy and procedure number 1.0.0, titled "Privacy Policy Overview" contained the following documentation: " Privacy Policies and Procedures have been established to outline directives relating to the Protected Health Information ("PHI") of Patients. These directives include: Protecting the privacy of the PHI of Patients in accordance with California and federal requirements. ...Affording Patients their rights with respect to their PHI in accordance with California and federal requirements."Refer to CA003222762. On 8/20/12 at 1:45 p.m., during an interview, Staff 1 (Privacy Officer) stated on 8/7/12 the contracted billing services company disclosed medical information of Patient 4 when they attached the medical record of Patient 4 in error to a claim for another patient and mailed that claim to an insurance company. The facility became aware of a possible privacy breach on 8/10/12 when the insurance company contacted Staff 1 and notified them of the error. The facility's internal investigation revealed the medical record for Patient 4 was sent to an outside insurance company in error. Review of the PHI contained Patient 4's name, date of birth, date of service, medical record number, account number, attending physician, reason for hospitalization, results of consultation, course of hospitalization, mental status at the time of discharge, mental health diagnosis, discharge plan and prognosis. The facility policy and procedure number 1.0.0, titled "Privacy Policy Overview" contained the following documentation: " Privacy Policies and Procedures have been established to outline directives relating to the Protected Health Information ("PHI") of Patients. These directives include: Protecting the privacy of the PHI of Patients in accordance with California and federal requirements. ...Affording Patients their rights with respect to their PHI in accordance with California and federal requirements."
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights