Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
SOUTH COAST GLOBAL MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on April 29, 2013. Also cited in 43 other reports.
Report ID: 4F7811, California Department of Public Health
Reported Entity: COASTAL COMMUNITIES HOSPITAL
Issue:
Based on interview and hospital document review, the hospital failed to prevent the disclosure of three patients' (Patients B, E, and H) protected health information (PHI) to unauthorized individuals. Findings:1. On 9/5/12, the CBO (Central Billing Office) received return mail from a payor explaining the claim number did not match any of their records.Review of the hospital's investigation showed documents belonging to Patient B were sent to the wrong payor in error.Patient B's PHI disclosed included name, DOB (date of birth), address, SS# (social security number), service dates, diagnosis, procedure codes and insurance information.2. On 8/23/12, the CBO was made aware of an unsuccessful appeal of a previous denial letter/payment from a payor, affiliated with a medical services organization physicians group for Patient E, on the grounds the appeal was not filed on a timely basis. The hospital's investigation showed an appeals package including medical records for Patient E, was sent to the payor for Patient E at the time of service dated 6/20/12. On 7/17/12, the CBO followed up with the payor regarding the appeals package with Patient E's PHI. The payor's representative stated that claims processing functions had transitioned from that payor to a payor affiliated with a medical services organization physicians group. The transitional process required transfer of all documents supporting claims and appeals in process to the new a payor affiliated with a medical services organization physicians group. The representative also provided evidence of receipt of the appeals package. The CBO received a letter from the payor affiliated with a medical services organization physicians group stating the denial of payment due to non-receipt of supporting documents. The CBO cannot conclude with certainty whether the appeals package was ever delivered from the first payor to the new payor or determine the present location and condition of the package.The PHI belonging to Patient E in the appeals package included name, DOB, address, SS#, service dates, diagnosis, procedure codes and insurance information.3. On 7/12/12, the CBO was notified a breach of Patient H's PHI had occurred on 6/20/12. The CBO was informed medical records belonging to Patient H had, in error, been attached to a claim appeal letter sent to a payor.The hospital's investigation showed the CBO mailed out the claim appeal letter but inadvertently attached Patient H's medical records with it.Patient H's PHI disclosed included name DOB, primary care physician name and phone #, authorization dates, status, account #, diagnosis code, procedure code, insurance name, member identification, clinical notes, medications and emergency department records.On 2/1/13, communication with the CBO's HIPPA (Health Information Privacy Protection Act) Officer confirmed the breaches of PHI occurred as documented.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280