Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
COMMUNITY HOSPITAL OF SAN BERNARDINO
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on June 30, 2014. Also cited in 46 other reports.
Report ID: JV2U11, California Department of Public Health
Reported Entity: COMMUNITY HOSPITAL OF SAN BERNARDINO
Issue:
Based on interview and record review, the facility failed to ensure, that a physician assistant (PA) was sensitive to the presence of Patient A's family members, who were unaware of Patient A's medical condition.This resulted in the unauthroized release of Patient A's PHI to family members.Findings:On August 4, 2014, a review of the face sheet for Patient A was conducted. It indicated, Patient A was admitted to the Emergency Department (ED) on March 16, 2013 and discharged home on March 17, 2013 with a diagnosis of possible miscarriage (loss of pregnancy).On August 4, 2014, at 10:40 AM, a phone interview was conducted with the facility's privacy officer (FPO). When asked how the breach was discovered, the FPO stated, "On April 15, 2013, the Director of Risk Management and Patient Relations received a phone call from Patient A. Patient A stated that she was seen in the ED on March 16, 2013, and that the PA disclosed to her (Patient A), that she (Patient A) had a miscarriage. This information was discussed with Patient A in the presence of family members who were in the lobby at the time. Patient A's family were not aware that Patient A had been pregnant. Patient A was also concerned that others in the lobby may have heard the information too."When asked if it was common practice for the ED medical staff to discuss PHI with patients in the ED lobby, the FPO stated, "No, and in this case, the PA should not have discussed Patient A's PHI in front of family members, and the PA should not be providing information to a patient that other people can hear." The FPO further stated, "When the incident was brought to the attention of the Director of the ED medical group, the PA was counseled. In response to the incident, the PA indicated in a written response, dated May 14, 2013 that she, (PA) did not discuss this information in the lobby in front of others and would never disclose sensitive information about a patient in the lobby." The PA was no longer employed at the facility.The PHI disclosed for Patient A in the presence of family members, was that Patient A had been pregnant and miscarried. During a review of facility policy and procedure, titled "Safeguarding PHI and Sensitive Information", dated January 17, 2012, it indicated:"Purpose""To implement certain aspects of (Name of Facility) privacy principles in order to comply with the Health Insurance Portability and Accountability Act (HIPAA) and other federal and state laws governing protection of confidential health information.""Procedure for all facilities""C. Comply with reasonable requests by individuals for oral discussion of PHI to be conducted in a private manner by physically relocating to a more private location or by other means such as quieter tones of voice. Limit, as reasonable, the incidental disclosure of PHI in oral form by using quiet tones of voice and reasonable physical safeguards such as dividers."The failure of the PA to ensure patient privacy while disclosing confidential sensitive information to Patient A, resulted in disclosure of Patient A's PHI to Patient A's family members.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights