This database was last updated in December 2015 and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.

Good Samaritan Hospital

2425 SAMARITAN DRIVE, SAN JOSE, CA 95124

Cited by the California Department of Public Health for violations of California’s Health and Safety Code relating to medical privacy during an inspection that began on March 13, 2014. Also cited in 21 other reports.


Report ID: 9XUD11.01, California Department of Public Health

Reported Entity: GOOD SAMARITAN HOSPITAL

Issue:

Based on interview and record review, the hospital failed to prevent unauthorized access to medical information for seven of seven sampled patients (1-7), when an integrated technology (IT) technician (Staff A) transmitted patient health information to an unaffiliated medical school in another state.

Findings:

On 10/9/13, the California Department of Public Health received an entity reported incident report via electronic mail. The report indicated the hospital detected a potential event of unauthorized disclosure of medical information for 7 patients.

During an interview and record review on 3/13/14 at 9:30 a.m., the privacy officer (PO) provided a list of seven patient names. The PO stated, Staff A had inadvertently transmitted patient health information (PHI) for the seven patients to an unaffiliated medical school in another state. The PHI was transmitted electronically while testing the IT system. Disclosed information included the patients' names, dates of birth, telephone numbers, addresses, and social security numbers.

During an interview on 3/20/14 at 1:55 p.m., the corporate regional IT manager (RITM) stated, Staff A was testing the transmission of patient information between hospitals. RITM further stated, during the test, patient information including the patients' names, dates of birth, phone numbers, addresses and social security numbers was inadvertently sent to a medical school in Nevada due to an incorrect default setting in the IT system. RITM stated the error was detected when a person at a Nevada medical school informed the hospital they had received information their system did not recognize.

During an interview on 3/20/14 at 1:45 p.m., the data manager (DM) at a medical school in XXXXXX stated her job duties included collecting electronic data from local hospitals. Although the DM did not recall the exact day, DM stated electronic information containing a list of names, with dates of birth, addresses, and telephone numbers was sent to the medical school where she worked. DM stated her computer system did not recognize the patient names and automatically placed the transmitted information into an error file.

On 3/20/14, review of a sample letter sent by the hospital to each of the seven patients dated 10/9/13 indicated each patient was informed their PHI including name and social security number was disclosed to an unaffiliated medical school. The letter offered assistance to the patients for credit monitoring.

Outcome:

Deficiency cited by the California Department of Public Health: Health & Safety Code 1280
