Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
DOCTORS MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on October 3, 2012. Also cited in 64 other reports.
Report ID: 2Q3E11.01, California Department of Public Health
Reported Entity: DOCTORS MEDICAL CENTER
Issue:
Based on staff interviews, clinical record review, and administrative document review, the hospital failed to ensure confidential treatment of Patient 1 - 3's protected health information (PHI) when:1. Patient 1's PHI was faxed to a residence instead of the home health agency.2. Patient 2's PHI was sent to a Skilled Nursing facility in error.3. Patient 3's PHI was picked up by another patient's wife.This failure resulted in unauthorized access to Patient 1 - 3's PHI and the potential for abuse of that information.Findings:1. On 10/3/12 at 8:30 a.m., during a telephone call the Privacy Officer (PO) stated, that on 7/18/12 and unidentified hospital employee faxed Patient 1's PHI to a private residence rather than the home health agency. The PO stated the employee should have double checked the fax number before sending, but this was not done.Patient 1's PHI breached included her name, date of birth, medical records number, account number, social security number, address, telephone number, physician's name,insurance information, diagnosis, medications and physician's orders.The hospitals policy and procedure titled, "Transmission of Medical Records by Facsimile" indicated, "The sender must also verify by telephone the availability of the authorized receiver before beginning transmission. . .Verify from either the Communications/Transmission Result Report OR Doctor's Medical Center Patient Information System Audit Trail; the FAX was sent to the correct phone number."2. On 10/3/13 at 8:30 a.m., during a phone interview the PO stated, that on 7/20/12, a licensed nurse (LN) sent Patient 2's PHI to a Skilled Nursing facility in error. The PO stated the LN should have double checked the paperwork before sending, but this was not done.Patient 2's PHI breached included her name, date of birth, medical records number, account number, social security number, address, telephone number, physician's name,insurance information, diagnosis, medications and physician's orders.The (Hospital) Policy and Procedure titled, "Record Processing and Information Handling" III. Standard: A. Record Processing indicated; "Protected health information (PHI)...whether electronic or paper format, shall be protected from unauthorized disclosure...dissemination...It is expected all Users will maintain the confidentiality of this information."3. On 10/3/18 at 8:30 a.m., during a telephone interview, the PO stated, that on 8/2/12, LN 2 left Patient 3's PHI in his semi-private room where it was picked up by the wife of the other patient in the room.Patient 3's PHI breached included her name, date of birth, medical records number, account number, social security number, address, telephone number, physician's name,insurance information, diagnosis, medications and physician's orders.The (Hospital) Policy and Procedure titled, "Record Processing and Information Handling" III. Standard: A. Record Processing indicated; "Protected health information (PHI)...whether electronic or paper format, shall be protected from unauthorized disclosure...dissemination...It is expected all Users will maintain the confidentiality of this information."
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights