Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
CORONA REGIONAL MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on June 3, 2014. Also cited in 19 other reports.
Report ID: 6H6O11, California Department of Public Health
Reported Entity: CORONA REGIONAL MEDICAL CENTER
Issue:
Based on interview and record review, the facility failed to ensure for one patient (Patient A), that her protected health information (PHI) was not disclosed to an individual not authorized to receive the information. Patient A's PHI was inadvertently given to the wrong Patient. This failure resulted in unauthorized access of Patient A's PHI.Findings:An interview was conducted with the RHIA (Registered Health Information Administrator) Director on June 3, 2014 at 2:30 p.m. The RHIA stated that on February 7, 2014, a HIM (health information technician) accidentally faxed a portion of Patient A's record to a Patient who was requesting copies of their own record. The RHIA stated the PHI included the patient's name, date of birth, age, sex, account number, medical record number, laboratory results, and emergency room summary. A copy of the letter sent to Patient A was reviewed. The letter indicated the following:" On February 7, 2014,( name of hospital) discovered that some of your protected health information was inadvertently disclosed to an unintended recipient. The information given to the unintended recipient included name, date of birth, age, sex, account number, medical record number, laboratory results and emergency summary. The patient understood the importance of protecting your privacy and promptly returned, via mail, all of your medical record to the Health Information Management department at (name of hospital)".The facility's policy and procedure titled, "Confidentiality/Privacy and last revision date of May 2012", indicated the following:"1. (name of hospital) is committed to make reasonable efforts to protect the privacy of patients' health information, and to comply with applicable federal and state laws that protect the privacy and security of patients' health information. This policy establishes the basic requirements for the use or disclosure of patients' protected health information, consistent with this commitment.2. In order to assure the privacy of patients' health information, all uses and disclosures not made to the patient are generally subject to the following ( name of hospital policies):-Minimum Necessary Access to and Use of PHI.Minimum necessary is the least amount of protected health information that is required to achieve the purpose for which it is intended".
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280