Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
HEMET VALLEY MEDICAL CENTER
Cited by the California Department of Public Health for violations of California’s Health and Safety Code relating to medical privacy during an inspection that began on October 31, 2013. Also cited in 39 other reports.
Report ID: B3CC11.02, California Department of Public Health
Reported Entity: HEMET VALLEY MEDICAL CENTER
Issue:
Based on interview and record review, the facility failed to notify the California Department of Public Health (CDPH) of the unauthorized disclosure of Patient 1's protected health information (PHI) within five business days after the disclosure had been detected by the facility. This resulted in a delay in the investigation of the unauthorized disclosure of Patient 1's PHI. Findings:On October 31, 2013, at 11 a.m., the Director of Quality (DQ), was interviewed. The DQ stated Patient 2 was transferred to a SNF on June 13, 2013. The SNF notified the facility they had received lab results for another patient (Patient 1) within the transfer paperwork for Patient 2, and had shredded the documents. The SNF did not identify the name of Patient 1. The DQ stated the nurse, who received the phone call from the SNF, filled out a report using the internal reporting process on June 14, 2013. The DQ stated the report generated email notifications to the quality department as well as the manager of the unit in which the report was generated from. The DQ stated during routine reviews of the status of internal reports, on July 10, 2013, she found the potential breach had not been investigated or reported.In a concurrent interview with the PO, she stated the quality department notified her of the potential breach on July 10, 2013 (32 days after the incident was first reported to the facility).The California Department of Public Health (CDPH) was notified via a facsimile dated July 16, 2013, of the unauthorized access of Patient 1's PHI (twenty five days after the required notification of five business days).The facility policy and procedure titled "Breach of PHI - Notification Requirements" dated November 2010, revealed "... The Hospital shall report in writing, by facsimile and certified mail, return receipt requested, any unlawful or unauthorized access to, or use or disclosure of, a patient's medical information to the nearest regional office of the California Department of Public Health no later than five (5) business days after the unlawful or unauthorized access, use, or disclosure has been detected by the Hospital."
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280