Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
DOCTORS MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on October 18, 2013. Also cited in 64 other reports.
Report ID: BN7O11, California Department of Public Health
Reported Entity: DOCTORS MEDICAL CENTER
Issue:
Based on staff interview, clinical record review, and administrative document review, the hospital failed to ensure confidential treatment of Patient 1-3's protected health information (PHI) when:1. Patient 1's PHI was faxed to a local resident and not to the patient's pharmacy (CA00372077)2. Patient 2's PHI was given to Patient 4. (CA00372202)3. Patient 3's PHI was faxed in error to a community health center. (CA00372697)This failure resulted in unauthorized access to Patient 1-3's PHI and the potential for abuse of that information.Findings:CA003720771. On 10/18/13 at 1 p.m., during a telephone interview, the Privacy Officer (PO) stated on 9/26/13, Licensed Nurse 1 faxed Patient 1's PHI to a private resident instead of Patient 1's pharmacy. The PO stated Licensed Nurse 1 should have double checked the fax number before sending the fax, but this was not done.Patient 1's PHI breached included his name, date of birth, medical record number, account number and list of medications being taken.The hospital's policy and procedure titled, "Transmission of Medical Records by Facsimile" dated 5/16/2012, indicated "When faxing documents . . .Verify by telephone the availability of the authorized receiver before beginning transmission. . .Verify from either the Communication/Transmission Result Report OR [Hospital] Patient Information System Audit Trail; the FAX was sent to the correct phone number."CA003722022. On 10/18/13 at 1:15 p.m., during a telephone interview, the PO stated on 9/18/13, Licensed Nurse 2 gave Patient 2's PHI to Patient 4. The PO stated Licensed Nurse 2 should have double checked the name on the forms with the ID of the patient, but this was not done.Patient 2's PHI breached included his name, date of birth, medical record number, account number, address, diagnosis (of depression) and medication list.The hospital's policy and procedure titled, "Information Privacy and Security Administration Policy" dated 9/16/13 indicated "[Hospital] respects the privacy of every patient's medical information and the rights patients have with respect to their medical information. Protecting the privacy of patient information in conformity with applicable federal and state laws requires consistent application of administrative procedures."CA003726973. On 10/18/13 at 1:30 p.m., during a telephone interview, the PO stated a hospital employee (an Operator in the Health Information, Transcription, Communications, and Mailroom Department) faxed Patient 3's PHI to a community health center by mistake. The PO stated the hospital employee should have double checked the records before sending them, but this was not done.Patient 3's PHI included his name, date of birth, account number, medical record number, and diagnosis.The hospital's policy and procedure titled, "Information Privacy and Security Administration Policy" dated 9/16/13 indicated "[Hospital] respects the privacy of every patient's medical information and the rights patients have with respect to their medical information. Protecting the privacy of patient information in conformity with applicable federal and state laws requires consistent application of administrative procedures."
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights