Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
SUTTER SANTA ROSA REGIONAL HOSPITAL
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on November 6, 2013. Also cited in 15 other reports.
Report ID: IFLX11, California Department of Public Health
Reported Entity: SUTTER SANTA ROSA REGIONAL HOSPITAL
Issue:
Based on interview and record review, the facility failed to prevent unauthorized access and disclosure of Patient 1's protected health information (PHI), when some of Patient 1's medical information was faxed to Patient 2. This failure allowed the unlawful or unauthorized access of protected health information.Findings:The California Department of Public Health was notified on 9/25/13 that a, "Breach of Protected Health Information (PHI)", occurred on 9/17/13.During an interview on 11/8/13 at 8:15 a.m., Administrative Staff A stated that she received notice, on 9/20/13, from Management Staff B that he had been advised, by Licensed Staff D on 9/19/13, that 4 pages of presumed blank preoperative forms had been faxed to Patient 2 to fill out, on 9/17/13, with Patient 1's preprinted label on 2 of 4 pages. Patient 1's preprinted label included her name, date of birth, age, medical record number, account number, date of surgery and physician name.Administrative Staff A also stated that only 2 of 4 labeled forms for Patient 1 had been mixed up with Patient 2's fax, in error, by Licensed Staff B on 9/17/13.There was an error on the part of Licensed Staff B, to follow facility policy and procedure, when she faxed Patient 2 the presumed blank preoperative form without checking that each page was actually blank. A review of the facility Policy and Procedure for, "FACSIMILE (FAX) TRANSMISSION OF MEDICAL RECORDS", (7/12), reveals the following: "I. POLICY The sensitive information contained in health records may be transmitted via facsimile (fax) when delivery through the regular mail will not meet the requestors' or senders' needs, such as for patient care".A review of the facility Policy and Procedure for, "Confidentiality of Patient Care Information", (10/10), reveals the following: "I. POLICY Persons receiving health care services have the right to expect that the confidentiality of individually identifiable medical information will be reasonably preserved. Information regarding the hospital's patients' medical or personal status will not be released or disclosed inappropriately...III. APPLICATION OF POLICY A. All patient-related information is confidential. It will be shared only with those persons that have a legal right (i.e. the patient or the patient's surrogate) or a legitimate work-related need to know".
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280