Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
VALLEY CHILDREN'S HOSPITAL
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on August 23, 2013. Also cited in 40 other reports.
Report ID: CR3411, California Department of Public Health
Reported Entity: CHILDRENS HOSPITAL CENTRAL CALIFORNIA
Issue:
Based on staff interview, clinical record, and administrative document review, the facility failed to ensure confidential treatment of protected health information (PHI) when:1) On 8/9/13 a home/discharge medication list for Patient 1 was given to Patient 2. 2) On 7/6/13 school release (a form to be given to schools to excuse absences) written for Patient 3 was given to Patient 4. 3) On 7/8/13 Patient 5 received a prescription written for Patient 6 and discharge instructions for Patient 7. These failures resulted in unauthorized access to Patient 6 and 7's PHI and the potential for abuse of the PHI.Findings:1) On 8/23/13 at 11:47 a.m., during an interview, Privacy Officer (PO) 1 stated on 8/9/13 Registered Nurse (RN) 1 gave Patient 1's Discharge Medication List to Patient 2's family. RN 1 stated she felt rushed and did not check the Identification (ID) band against all of the discharge paperwork. PO stated RN 1 should have verified all discharge paperwork with Patient 1's ID band.The PHI disclosed included Patient 1's name, date of birth, medical record number, account number, date of service, reason for [hospital] visit, and a list of medications to be taken at home.The hospital Policy/Procedure Number PR-1016 dated 08/11 indicated, "it is the policy of [hospital] to respect and protect the privacy rights of patients, their families, employees and third parties. All information that is deemed confidential by [hospital] and/or by specific legal statutes shall be kept confidential..." 2) On 8/23/13 at 11:55 a.m., during a staff interview, PO 1 stated on 7/6/13 RN 2 gave a school release form for Patient 3 to Patient 4. PO 1 stated RN 2 did not double check Patient 4's ID band with the school release form.The PHI disclosed included Patient 3's name, date of birth, date of service, allergies, and physicians name.The hospital Policy/Procedure Number PR-1016 dated 08/11 indicated, "it is the policy of [hospital] to respect and protect the privacy rights of patients, their families, employees and third parties. All information that is deemed confidential by [hospital] and/or by specific legal statutes shall be kept confidential..." 3) On 8/23/13 at 12:08 p.m., during a staff interview, PO 1 stated on 7/8/13 RN 3 gave PHI Patient 5 a prescription for Patient 6 and discharge instructions for Patient 7. PO stated RN 3 did not follow the correct ID process, checking Patient 5's ID band to the patient name on the prescription and the discharge instructions. Patient 6's PHI breached included name, date of birth, address, medical record number, home telephone number, allergies, and medications ordered. Patient 7's PHI breached included name, medical record number, account number, medications ordered, and follow-up referrals. The hospital Policy/Procedure Number PR-1016 dated 08/11 indicated, "it is the policy of [hospital] to respect and protect the privacy rights of patients, their families, employees and third parties. All information that is deemed confidential by [hospital] and/or by specific legal statutes shall be kept confidential..."
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights