Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
Ukiah Valley Medical Center
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on February 27, 2013. Also cited in 31 other reports.
Report ID: 3U7J11, California Department of Public Health
Reported Entity: UKIAH VALLEY MEDICAL CENTER/HOSPITAL D
Issue:
Based on interview and record review, the facility failed to prevent unauthorized access and disclosure of a patient's (Patient 1) protected health information, when some of Patient 1's medical information was mailed to another physician. This failure allowed the unlawful or unauthorized access to protected health information.Findings:The California Department of Public Health was notified on 2/14/13, that a, "Breach of Protected Health Information (PHI)," occurred on 2/1/13.During an interview on 2/27/13 at 10:50 a.m., Administrative Staff A stated that she received notification from Physician C's office, on 2/14/13, that they had received a phone call from Physician E's office indicating that he had received PHI for Patient 1, in the mail. The PHI included Patient 1's name, age, gender, date of birth, medical record number, chief complaint, a progress note, allergies, complete medical history, and treatment plan.Administrative Staff A also stated that Patient 1 had been referred to Physician C by Physician D, and subsequent to Patient 1's consultation Physician C requested a copy of the visit, with Patient 1, be mailed to Physician D.Administrative Staff A further stated that it was an error in not following policy and procedure, on the part of Unlicensed Staff B, in that both Physician D and Physician E had the same last names, and Unlicensed Staff B did not double check secondary identifiers such as a middle name. A review of the facility Policy and Procedure for, "Use and Disclosure of protected Health Information" (12/12/05), indicated the following:"AFFECTED DEPARTMENTS/SERVICES: 1. All Corporate Office Departments 2. System-Wide Facilities...POLICY: COMPLIANCE-KEY ELEMENTS....Under the Privacy Rule, [Facility Corporation Name] entities are permitted to use or disclose PHI when: 1. The disclosure is to the individual to whom the PHI pertains."The Department confirmed that Patient 1 was informed of the breach, by mail, on 2/14/13, within the required timeframe's.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280