Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
CORONA REGIONAL MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on November 15, 2012. Also cited in 19 other reports.
Report ID: 6NP211.01, California Department of Public Health
Reported Entity: CORONA REGIONAL MEDICAL CENTER
Issue:
Based on interview and record review, the facility failed to prevent the unauthorized disclosure of Patient A's medical information. This failure had the potential to result in misuse of protected health information.Findings:On September 19, 2012, the facility reported to the Department of Public Health they discovered a potential unauthorized disclosure of protected health information. According to the notification, Patient A's laboratory results were faxed to an unintended recipient (a dentist), not the ordering physician. An unannounced visit was made to the facility on November 15, 2012, at 9:30 a.m., to conduct an investigation into this entity reported incident.In an interview with the Director of Health Information Management, on November 15, 2012, at 9:45 a.m., the Director stated the Patient A's lab results were faxed, in error to an unintended recipient. According to the Director, the laboratory looked up the wrong physician (provider) name and faxed Patient A's results to a Dental office instead of the ordering physician. On November 15, 2012, a letter sent to Patient A was reviewed. The letter, dated September 19, 2012, indicated a Dental office notified the facility they had received a faxed copy of Patient A's laboratory results. The laboratory report included Patient A's:Name; Date of birth;Age;Sex;Account number;Medical record number;Lab results; andTreating physician. The facility's policy titled "Confidentiality/Privacy," with a last reviewed date of May 2012, was reviewed on November 27, 2012. The policy indicated the facility was committed to make reasonable efforts to protect the privacy of patients' health information. The policy indicated PHI was individually identifiable health information that was transmitted or maintained in any form or medium.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280