Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
HEMET VALLEY MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on November 6, 2014. Also cited in 39 other reports.
Report ID: EDOY11, California Department of Public Health
Reported Entity: HEMET VALLEY MEDICAL CENTER
Issue:
Based on staff interview and record review the facility failed to prevent the unauthorized access and/or disclosure of Patient 1's private health information (PHI), when a document containing Patient 1's PHI was inadvertently faxed to an incorrect recipient (Patient 2). This had the potential to result to the misuse of Patient 1's private health information.Findings:On November 6, 2014, at 5 p.m. an investigation was conducted on this entity reported incident. On November 6, 2014, at 5 p.m., the facility Director of Health Information Management (DHIM) was interviewed. The DIHM stated on October 27, 2014, she was notified regarding information pertaining to the following, a pathology consultation report containing: clinical history, specimen designation, gross description of specimens, physician's name, diagnosis, date of birth, patient room number, and medical record number, pathology number, and sexual orientation, was inadvertently faxed with documents from another patient, Patient 2, to a skilled nursing facility.On November 10, 2014, a record review was conducted of the letter sent by the facility to Patient 1 informing Patient 1 of the clinical error. The letter indicated, "We conducted an investigation and determined that the faxing to the incorrect recipient occurred due to a clinical error. The hospital case manager was arranging for Patient 2's transfer at the same time she was making arrangements for you (Patient 1) for home health services. She (the case manager) accidentally included your pathology consultation report with the other patient's records (Patient 2). The fax was received by an unintended recipient (skilled nursing staff members) who contacted the hospital immediately and shredded the document received in error."A review was conducted of the facility policy, "Breach of PHI-Notification Requirements," dated with revision September 2013. The policy indicated, "The hospital will implement, identify and respond to suspected or known breaches...document breaches and their outcome."The facility failed to maintain Patient 1's Private Health Information by sending her PHI to another facility without authorization from Patient 1 and/or her representative. This had the potential to result to the misuse of Patient 1's private health information.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280