Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
WATSONVILLE COMMUNITY HOSPITAL
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on January 16, 2015. Also cited in 5 other reports.
Report ID: 8S0K11.01, California Department of Public Health
Reported Entity: WATSONVILLE COMMUNITY HOSPITAL
Issue:
Based on interview and record review, the hospital failed to prevent the unauthorized disclosure of protected health information (PHI) for 3 patients (1-3) when three face sheets were mailed to an individual outside of the hospital. The failure resulted in the disclosure of 3 patients' PHI to an unauthorized individual. Findings:The California Department of Public Health received a faxed report on 10/23/14, which indicated a union representative for the hospital received in the mail on 10/20/14, an anonymous complaint along with three patients' registration facesheets. A hospital internal investigation revealed the facesheets contained patients' names, addresses, dates of birth, social security numbers, insurance names, diagnoses, and medical record numbers. During an interview on 1/16/15 at 1 p.m., the facility privacy officer (FPO) stated one or more staff members mailed their union representative (Rep) three patients' facesheets accompanied by a complaint letter. FPO stated Rep brought the facesheets to the human resources director who in turn contacted FPO. FPO stated the hospital conducted an internal investigation and was unable to determine who sent these documents to Rep.During an interview on 2/9/15 at 10:30 a.m., Rep stated some patients' facesheets along with other documents were put through the mail slot of his office some time during the night. He arrived in the morning and saw the package on the floor, addressed to him. He opened the package, looked at all the documents, then brought it to the hospital's human resources department (HR), where copies were made. Rep stated an HR staff told him to shred the documents because they contained PHI, which he did.A review of a copy of a facesheet received by Rep indicated disclosure of the patients' names, addresses, dates of birth, ages, sexes, ethnicities, races, medical record numbers, guarantors' information, insurance information, medical conditions, and diagnoses. A review of a copy of a letter dated 10/24/14 from the hospital to the affected patients indicated Rep received a mailing which included the patients' PHI.A review of a copy of the hospital's 12/2012 "Volume I - management of Information" policy indicated PHI will be maintained in a manner which restricts access to those with a need-to-know.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280