COMMUNITY HOSPITAL OF SAN BERNARDINO

Report ID: IGCS11, California Department of Public Health

Reported Entity: COMMUNITY HOSPITAL OF SAN BERNARDINO

Issue:

Based on interview and record review, the facility failed to protect ten (10) patient's protected health information (PHI) when a malfunctioning fax machine redirected the data to an unauthorized recipient which resulted in a breach.FindingsOn 5/16/12 at 1:00 PM, an unannounced visit was made to the facility to investigate a self-reported incident involving the PHI of ten patients on 5/1/12.During an interview with the HIPAA officer (health insurance portability and accountability act) on 5/16/12 at 1:30 PM she described the incident as follows:" One of the radiology technicians was faxing a list that contained ten women's names who were scheduled for mammogram to a physician's office. She had a second technician verify the number prior to hitting the send button. Approximately a half an hour later, I was called by a machine company who stated they had received the faxed information in error. There fax number has all but two digits that were the same as the physician's fax number. The staff had been using this number for six months without any problem. Myself, the head of radiology, medical records and the technician did a trial with a blank piece of paper. The fax machine showed the correct number for the doctor's office but sent it again to the machine shop's number. We checked the phone lines and determined it was the actual machine that was problematic and it was taken out of service".A review was done of the letter sent to each of the ten women advising them of the breach. It was determined to be one incident as the names, phone numbers, dates of service, type of service, doctor's name and account numbers were all on one log.

Outcome:

Deficiency cited by the California Department of Public Health: Patients' Rights