Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
ADVENTIST MEDICAL CENTER - REEDLEY
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on September 6, 2012. Also cited in 18 other reports.
Report ID: YYM711, California Department of Public Health
Reported Entity: ADVENTIST MEDICAL CENTER - REEDLEY
Issue:
Based on staff interview and administrative document review, the hospital failed to keep Protected Health Information (PHI) confidential when Staff 1 faxed a newborn hearing screening results belonging to Patient 1 to the wrong number in error . This failure placed Patient 1's and Patient 1 Mother's PHI at a potential risk for unauthorized use. Findings:On 7/24/12 at 9:27 a.m., according to a faxed report to the department, the Privacy Officer (PO) confirmed on 7/14/12, a breach had occurred when Patient 1's PHI had been faxed to an unauthorized recipient. The PO stated the misdirected fax was sent to a private citizen's home in error. The PO stated the private citizen recipient (PCR) called and notified the hospital of the misdirected fax. The PO stated the PCR's fax number and the intended recipient facility were different by one number. The PO was made aware of this misdirected fax by Staff 1 on 7/16/12. The PO had reported the misdirected fax to the department on 7/24/12. Patient 1's PHI which was breached included the following: "Name, date of birth, medical record number, telephone number, financial information, and results." Also breached was PHI belonging to Patient 1's mother including: Name, medical record number, date of birth, financials, and contact name, phone number and address. The hospital provided a letter which documented Patient 1's parent was notified the breach had occurred. The receipt of the letter was not verified by return mail receipt or by phone. On 2/7/14, 4/18/14, and 5/2/14, the hospital's Health Information and Privacy Office and/or the Regulatory Compliance Office was contacted to verify the breached information identified as "FIN" or "financials". The information requested was not provided. The facility policy and procedure number 1000.08.09 titled Confidentiality of Protected Health Information contained the following documentation: "... is committed to protecting the privacy and security of protected health information (PHI)... It is the policy of ... to maintain confidentiality for patients and employees at all times and under all circumstances." The facility's policy and procedure number 1000.03.14, titled "Faxing Patient Protected Health Information", contained the following documentation: "It is the sender's responsibility to be aware of the content of the faxes they are sending, to exercise caution in faxing confidential information, and to take precautionary steps to: validate the fax number, key in correct fax number, confirm fax sent to correct fax number, as well as, request is appropriate and meets minimum necessary."
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights