Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
UNIVERSITY OF CALIFORNIA SAN FRANCISCO MEDICAL CENTER
Cited by the California Department of Public Health for violations of California’s Health and Safety Code relating to medical privacy during an inspection that began on January 28, 2014. Also cited in 108 other reports.
Report ID: EUPH11.01, California Department of Public Health
Reported Entity: UCSF MEDICAL CENTER
Issue:
Based on the interview and record review the facility failed to protect patient personal information when a patient's consult was inadvertently faxed to an incorrect healthcare provider.Findings:During an interview on 1/28/14, at 9:00 AM, the Manager of Accreditation and Licensing stated, " We were able to verify that a patient's consult was inadvertently faxed to an incorrect help provider. The recipient of the consult contacted the facility to report it and to notify the facility that the document was destroyed."During an interview on 1/28/14, at 9:30 AM, privacy officer #1 stated," this event was known to the facility on 11/25/13. The facility did notify the appropriate authorities on 12/6/13. The facility did notify the patient by letter on 12/5/13.Review of the facility's policy and procedure," statement of privacy laws and University policy", revised June 2013, indicated," it is the legal and ethical responsibility of all UCSF faculty, staff, house staff,... To use, protect, and preserved personal and confidential patient,... Medical information for clinical or research purposes... In accordance with state and federal laws and University policy." This policy also indicated, physician # 1 signed and dated," I have read, understand, and acknowledge all the above statements of privacy laws and University policy and the acknowledgment of responsibility..."The facility was in violation of health and safety code 1280.15 (b) (1) for failure to report the medical information breach no later then five business days after it had been detected by the facility.Conclusion: the facility was 2 days late in reporting the information breach within five business days after it was detected.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280