HIPAA Helper »
SUTTER COAST HOSPITAL »
Oct 18, 2012

This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.

SUTTER COAST HOSPITAL

800 E WASHINGTON BLVD CRESCENT CITY,CA 95531

Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on October 18, 2012. Also cited in 58 other reports.

Report ID: 4ZQN11, California Department of Public Health

Reported Entity: SUTTER COAST HOSPITAL

Issue:

Surveyor: Carnahan, MeritBased on interview and record review, the facility failed to prevent unauthorized access and disclosure of a patient's (Patient 1) medical information when it was sent to an insurance company to which Patient 1 was not subscribed to. This failure allowed the unlawful or unauthorized access to patient 1's medical information. Findings:The California Department of Public Health was notified on 10/9/12 that a, "Breach of Protected Health Information (PHI)", occurred on 10/4/12.During an interview on 10/18/12 at 10:00 a.m., Administrative Staff A stated that he received notification, on 10/4/12, indicating that the County Medi-Cal office had received a health insurance 1500 claim form, for facility services, for Patient 1 who was not listed as one of their insured clients. The bill had been sent by an outside billing company to the secondary insurance listed for Patient #1 on her demographic sheet.Administrative Staff A further stated that Patient 1's primary insurance had already been billed correctly; that Patient 1 never had secondary insurance; and that subsequent investigation was unable to determine how, during an admission process, the wrong information was typed in by the admission clerk as secondary insurance on Patient 1's demographic sheet.A review of the facility Policy and Procedure for "Overview of Privacy Policies under HIPAA" (dated 12/29/10) revealed: "I. Policy: It is the policy of the facility to protect the privacy and security of patient information and to comply with applicable laws and regulations.III. G. 3. Accurate Information It is the responsibility of all individuals who collect information from patients or who record information about patients in a chart, medical record or other type of record keeping system, to be as accurate and complete as possible".

Outcome:

Deficiency cited by the California Department of Public Health: Health & Safety Code 1280

Do you believe your privacy has been violated? Here’s what you can do: