Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
SAN JOAQUIN COMMUNITY HOSPITAL
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on January 24, 2011. Also cited in 8 other reports.
Report ID: 6I9M11, California Department of Public Health
Reported Entity: SAN JOAQUIN COMMUNITY HOSPITAL
Issue:
Based on record review and interview, the hospital failed to prevent unauthorized access to several patients' medical information when it was learned a local newspaper reporter possessed a computer printout from the hospital containing names and medical information of seventeen patients. This violated the rights of the seventeen patients involved. Findings: In a letter to the Department dated 5/26/11, written by the hospital's Director of Health Information Management (DHIM), it indicated on 5/17/11, she was notified by another State of California health agency that a newspaper reporter from The Bakersfield Californian possessed a computer printout from the hospital, naming seventeen patients of the hospital. The letter to the Department further read the printout contained the name of the hospital, the patient's full names, attending physician's names, dates of birth, admission date, and admission chief complaint. The letter read the printout was dated 1/8/10. The letter continues that after a hospital investigation, it was determined it was indeed hospital practice in 1/2010 to print such a list and give them to Case Managers working with the patients. The letter read, "This is no longer a current practice at our facility." During an interview with the DHIM on 5/31/11 at 3:05 PM, she verified the incident detailed in the letter to the Department. The DHIM stated it was hospital practice in 1/2010 to do "screen prints" from hospital computers, and give these to Case Managers working with the patients. Health & Safety Code 1280.15 (b)(1) A clinic, health facility, agency, or hospice to which subdivision (a) applies shall report any unlawful or unauthorized access to, or use or disclosure of, a patient's medical information to the department no later than five days after the unlawful or unauthorized access, use, or disclosure has been detected by the clinic, health facility, agency, or hospice.Based on record review and interview, the hospital failed to notify the Department of the unauthorized access to patient medical information within the five day reporting timeframe. This violated the rights of the patients affected.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights