Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
ADVENTIST MEDICAL CENTER - REEDLEY
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on January 10, 2013. Also cited in 18 other reports.
Report ID: YA4U11, California Department of Public Health
Reported Entity: ADVENTIST MEDICAL CENTER - REEDLEY
Issue:
Intakes: CA00334103, CA00334110, CA00334116Based on staff interview, facility and administrative document review, the facility failed to keep Protected Health Information (PHI) confidential when:1. Patient 1's imaging reports of 10/16/12 were mistakenly faxed to an unauthorized recipient. 2. Patient 2's imaging reports of 11/14/12 were mistakenly faxed to an unauthorized recipient. 3. Patient 3's imaging reports of 11/16/12 were mistakenly faxed to an unauthorized recipient. These failures placed the PHI for Patient 1, 2, and 3 at a potential risk for unauthorized use.Findings:Refer to CA003341031. On 1/10/13 at 10 a.m., the Privacy Officer (PO) stated, on 10/16/12 during the registration process, Staff 2 mistakenly entered the wrong provider as the ordering Physician for Patient 1's test, resulting in the wrong provider receiving the fax of the imaging results.On 1/10/13 at 10:45 a.m., the PO stated (Patient 1's) PHI contained: Patient name, medical record number, date of birth and imaging results.On 1/10/13 during review of the facility policy and procedure, number 1000.08.09 titled, "Confidentiality of Protected Health Information" contained the following documentation: " [Facility's name] is committed to protecting the privacy and security of Protected Health Information (PHI)...It is the policy to maintain confidentiality for patients and employees at all times and under all circumstances. ...Breach of patient confidentiality through carelessness is when patient information is unintentionally or carelessly accessed, reviewed, or revealed without a legitimate need to know the patient information."The facility policy and procedure, No. 1000.03.14, titled, "Faxing Patient Protected Health Information" contained the following: "It is the sender's responsibility to be aware of the content of the faxes they are sending, to exercise caution in faxing confidential information, and to take precautionary steps to: validate the fax number, key in the correct fax number, confirm the fax is sent to the correct number, as well as, a request is appropriate and meets the minimum necessary."Refer to CA003341102. On 1/10/13 at 10 a.m., the Privacy Officer (PO) stated, on 11/14/12 during the registration process, Staff 3 mistakenly entered the wrong provider as the ordering Physician for Patient 1's test, resulting in the wrong provider receiving the fax of the imaging results.On 1/10/13 at 10:45 a.m., the PO stated (Patient 2's) PHI contained: Patient name, medical record number, date of birth and imaging results.On 1/10/13 during review of the facility policy and procedure, number 1000.08.09 titled, "Confidentiality of Protected Health Information" contained the following documentation: " [Facility's name] is committed to protecting the privacy and security of Protected Health Information (PHI)...It is the policy to maintain confidentiality for patients and employees at all times and under all circumstances. ...Breach of patient confidentiality through carelessness is when patient information is unintentionally or carelessly accessed, reviewed, or revealed without a legitimate need to know the patient information."The facility policy and procedure, No. 1000.03.14, titled, "Faxing Patient Protected Health Information" contained the following: "It is the sender's responsibility to be aware of the content of the faxes they are sending, to exercise caution in faxing confidential information, and to take precautionary steps to: validate the fax number, key in the correct fax number, confirm the fax is sent to the correct number, as well as, a request is appropriate and meets the minimum necessary."Refer to CA003341163. On 1/10/13 at 10 a.m., the Privacy Officer (PO) stated, on 11/16/12 during the registration process, Staff 3 mistakenly entered the wrong provider as the ordering Physician for Patient 3's test, resulting in the wrong provider receiving the fax of the imaging results.On 1/10/13 at 10:45 a.m., the PO stated (Patient 3's) PHI contained: Patient name, medical record number, date of birth and imaging results.On 1/10/13 during review of the facility policy and procedure, number 1000.08.09 titled, "Confidentiality of Protected Health Information" contained the following documentation: " [Facility's name] is committed to protecting the privacy and security of Protected Health Information (PHI)...It is the policy to maintain confidentiality for patients and employees at all times and under all circumstances. ...Breach of patient confidentiality through carelessness is when patient information is unintentionally or carelessly accessed, reviewed, or revealed without a legitimate need to know the patient information."The facility policy and procedure, No. 1000.03.14, titled, "Faxing Patient Protected Health Information" contained the following: "It is the sender's responsibility to be aware of the content of the faxes they are sending, to exercise caution in faxing confidential information, and to take precautionary steps to: validate the fax number, key in the correct fax number, confirm the fax is sent to the correct number, as well as, a request is appropriate and meets the minimum necessary.".
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights