Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
ST BERNARDINE MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on March 24, 2015. Also cited in 41 other reports.
Report ID: 2BX811.01, California Department of Public Health
Reported Entity: ST BERNARDINE MEDICAL CENTER
Issue:
Based on interview and record review, the facility failed to ensure the confidential treatment of Patients A through R's protected health information (PHI) when a Certified Nurse Assistant (CNA 1) lost the general worksheet document which contained 18 patients' PHI. This resulted in an unauthorized disclosure of Patients A through R's PHI.Findings:On April 1, 2015 at 2:20 PM, a phone interview was conducted with the Privacy Liaison regarding an entity reported incident of a breach of Patients A through R's PHI. The Privacy Liaison stated that a registry CNA had her patient assignment sheet, which listed patient names, date of births, ages, account numbers, and diagnoses for 18 patients, in her uniform pocket. It was found by a visitor in the restroom who returned it to a charge nurse. The CNA stated it fell out of her pocket.The Privacy Liaison stated that Patients A through R were notified individually, on June 23, 2014, of the breached PHI, and provided copies of the letters for review.CNA 1 was uninterviewable due to termination of employment.A review was conducted of the notification letters dated June 23, 2014, sent by the Privacy Liaison to Patients A through R notifying them of the breach of their PHI.A review of the general worksheet document indicated the room number, unit number, patient name, date of birth, age, and diagnosis for 18 patients, (Patients A through R).A review of the facility's policy and procedure titled, "Safeguarding PHI and Sensitive Information," dated January 17, 2012, indicated "It is the policy of (name of facility) to provide appropriate access to its information based on a need-to-know basis while preserving its confidentiality and integrity."The facility failed to ensure the confidentiality of 18 patients PHI by not safeguarding a general worksheet document resulting in unauthorized disclosures of Patients A through R's PHI.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights