Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
DOCTORS MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on March 1, 2012. Also cited in 64 other reports.
Report ID: L1CC11, California Department of Public Health
Reported Entity: DOCTORS MEDICAL CENTER
Issue:
Based on staff interview, facility and administrative document review, the facility failed to keep Protected Health Information (PHI) confidential when:1. Patient 1's PHI was mistakenly faxed to the wrong hospital.2. The PHI for Patient 2, Patient 3 and Patient 4 was mistakenly sent to a mental health facility instead of the intended hospital.These failures placed the PHI for Patient 1, Patient 2, Patient 3 and Patient 4 at risk for possible unauthorized use.Findings:Refer to CA00297390 1. On 3/1/12 at 11:50 a.m., during a telephone interview, Staff 1 (Privacy Officer) Stated on 1/18/12 Staff 2 mistakenly faxed Patient 1's PHI to the wrong hospital. Staff 1 stated the PHI consisted of a Face sheet and and Medication Order sheet that contained Patient 1's name, date of birth, date of service, medical record number, account number, guarantor information, attending physician, medical diagnosis and medication prescribed.The facility policy and procedure number 1.0.0, titled "Privacy Policy Overview" contained the following documentation: " Privacy Policies and Procedures have been established to outline directives relating to the Protected Health Information ("PHI") of Patients. These directives include: Protecting the privacy of the PHI of Patients in accordance with California and federal requirements. ...Affording Patients their rights with respect to their PHI in accordance with California and federal requirements."The facility policy and procedure number VI-32 titled "Transmission of Medical Records by Facsimile" contained the following documentation: "The sender must verify by telephone the availability of the authorized receiver before beginning transmission."Refer to CA002978622. On 3/1/12 at 11:50 a.m., during a telephone interview, Staff 1 stated on 1/24/12 the facility became aware of a possible privacy breach. The facility's internal investigation revealed the Discharge Summary for Patient 2, Patient 3 and Patient 4 were sent to an outside mental health facility instead of the intended hospital. Staff 1 stated the error occurred when Staff 3 (Physician) mistakenly dictated to have Patient 2, 3 and 4's Discharge Summary sent to an incorrect health facility.On 3/1/12 at 12:00 p.m., review of the Discharge Summary contained Patient 2, 3 and 4's name, date of birth, date of service, medical record number, account number, attending physician, reason for hospitalization, Results of consultation, course of hospitalization, mental status at the time of discharge, mental health diagnosis, discharge plan and prognosis. The facility policy and procedure number 1.0.0, titled "Privacy Policy Overview" contained the following documentation: " Privacy Policies and Procedures have been established to outline directives relating to the Protected Health Information ("PHI") of Patients. These directives include: Protecting the privacy of the PHI of Patients in accordance with California and federal requirements. ...Affording Patients their rights with respect to their PHI in accordance with California and federal requirements."
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights