Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
LOMA LINDA UNIVERSITY MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on July 28, 2014. Also cited in 44 other reports.
Report ID: B26O11.01, California Department of Public Health
Reported Entity: LOMA LINDA UNIVERSITY MEDICAL CENTER
Issue:
Based on interview and record review, the facility failed to ensure the confidential treatment of protected health information (PHI) for two patients (Patient B and C), when an outside agency had requested documents on twin infant (Patient A). The facility mistakenly sent documents containing PHI for twin infant (Patient B) and their mother (Patient C). This placed Patient B and Patient C at risk for identity theft and the unauthorized release of PHI.Findings:During a telephone interview with the Compliance Specialist (CS) on July 28, 2014 at 10:35 AM, to investigate an entity reported incident of a breach of PHI for Patients B and C. The CS stated that two medical record employees (Employee 1 and Employee 2) inadvertently sent documents containing PHI of Patient B and Patient C to an outside agency. Employee 1 was responsible to write the correct medical record number (MRN). Employee 2 was responsible to verify all information was correct prior to releasing documents to an outside agency. The documents for Patient B contained PHI which included: Patient B's name, date of birth, medical record number, and clinical notes. The documents for Patient C contained PHI which included: Patient C's name, date of birth, medical record number, diagnosis and clinical notes. During further interview with the CS, stated the outside agency verbally attested to securely destroying the documentation containing PHI for Patient B and Patient C. The facility notified Patient B and Patient C through a patient notification letter via mail.The facility's policy and procedure titled, "Operating Policy, Patient's Rights, Protection of Patient Privacy," dated May 2013, the policy indicated, "1.1 All medical center employees, members of the medical staff, house staff, volunteers, faculty, and students, shall be responsible for maintaining confidentiality of patient information. This responsibility shall include personal observations, oral conversations, the designated record set and its contents, and any other electronically stored or written patient or patient- related data."The facility 's failure to safeguard the documents containing Patient B and Patient C's PHI placed Patient B and Patient C at risk for identity theft and unauthorized release of PHI.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights