Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
KAISER FOUNDATION HOSPITAL - SACRAMENTO
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on May 18, 2015. Also cited in 12 other reports.
Report ID: 9ULF11, California Department of Public Health
Reported Entity: KAISER FOUNDATION HOSPITAL - SACRAMENTO
Issue:
Based on staff interview and document review the hospital failed to prevent an unauthorized disclosure (Breach) of patient medical information (PHI) for 31 of 31 sampled residents (Patients 1-31).Findings:1. On 11/12/14 the hospital reported to the Department that on 9/22/14 a census report, containing the names of 31 patients (Patients 1-31) was stapled to discharge instructions of another patient. The census report contained the patient's names, medical record number and medical diagnosis for each patient. The breach was discovered on 11/6/14 when the patient went to a follow-up appointment at a clinic and gave the discharge instructions to clinic staff, who then called the facility to report the breach. (reference 2014-10891)2. On 12/16/14 the hospital reported to the Department that an employee of another hospital accessed Patients 32's, 33's, 34's medical records without a business need to know. The two hospitals are part of a hospital system and share the same electronic medical records system. The information accessed contained the patients' names, medical record number, age, gender, provider name, allergies, isolation and code status, height, weight, diagnosis, principle problems and medications for each patient. (reference 2014-11856)3. On 12/15/14 the hospital reported to the Department that on 12/5/14, during the discharge process, an employee attached a portion of Patient 36's medical records to Patient 35's paperwork. Patient 36 discovered the other patient's papers, called member services and the paperwork was returned to the hospital. (reference 2014-11965)4. 1/9/15 the hospital reported to the Department that on 1/1/15 a hard copy of a prescription for Patient 37 was given to another patient during discharge. The prescription contained Patient 37's name, age, gender, date of birth, medical record number, medication name, medication dosage and instructions. (reference 2015-00079)5. On 2/23/15 the hospital reported to the Department that on 2/3/15 an emergency room registered nurse (RN) allowed a police officer accessed to Patient 38's electronic medical record, so the police officer could do his/her own documentation. (reference 2015-01571)On 6/17/15 the hospitals Director of Risk Management (DRM) was interviewed at 1:30 p.m. The DRM confirmed that the above breaches occurred as reported.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280