Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
SOUTH COAST GLOBAL MEDICAL CENTER
Cited by the California Department of Public Health for violations of California’s Health and Safety Code relating to medical privacy during an inspection that began on February 14, 2013. Also cited in 43 other reports.
Report ID: 1IM611.02, California Department of Public Health
Reported Entity: COASTAL COMMUNITIES HOSPITAL
Issue:
Based on interview and hospital document review, the hospital failed to prevent the disclosure of Patient Ii's protected health information (PHI) to unauthorized individuals. Additionally, the hospital failed to notify the patient within five business days of their knowledge of the breach.Findings:Review of the hospital's investigation regarding Patient Ii's disclosed PHI showed Admitting Clerk 1 (AC 1) generated a face sheet for Patient Nn on 7/31/12. Patient Nn had a similar first name and the same last name of Patient Ii. AC 1 did not verify the date of birth, address or the patient's name with the actual patient (Patient Nn). The face sheet generated had Patient Ii's PHI and not that of the actual patient to have the procedure (Patient Nn). Patient Nn was registered by AC 2 without verification of the information on the face sheet. This generated an addressograph used to stamp all medical record forms belonging to Patient Nn. However, the addressograph was generated with Patient Ii's PHI. Patient Nn's Conditions of Admission form was stamped using the addressograph with Patient Ii's name, date of birth, medical record number and age and a copy was issued to the patient disclosing the PHI of Patient Ii.On 8/13/12, an operating room nurse called the home of Patient Ii to verify the scheduled procedure. The responsible person for Patient Ii denied the patient had any surgery scheduled. The operating nurse called and informed the Outpatient Services clerk, who called Patient Ii's home. The Outpatient Services clerk spoke with Patient Ii's responsible party and disclosed the patient had an appointment on 7/31/12 with the physician (name disclosed) who was to do the procedure (procedure disclosed) on 8/14/12, related to an injury. Patient Ii's responsible party reiterated Patient Ii had no injury and was not having any surgery. It was then the Outpatient Services clerk verified the information on the face sheet and discovered the error.PHI belonging to both Patient Ii and Nn was disclosed to unauthorized individuals.On 8/14/12, the Hospital Compliance Officer was made aware of the breach of PHI for both Patient Ii and Patient Nn. The patients were notified on 8/23/12.On 2/7/12 at 1100 hours, during a telephone interview, the Hospital Compliance Officer confirmed the breaches of PHI and dates as documented.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280