Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
LOMA LINDA UNIVERSITY MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on January 31, 2014. Also cited in 44 other reports.
Report ID: 8HL811.01, California Department of Public Health
Reported Entity: LOMA LINDA UNIVERSITY MEDICAL CENTER
Issue:
Based on interview, and record review, the facility failed to ensure the confidential treatment of Patient A's protected health information (PHI) , when her immunization records were inadvertently given the mother of Patient B during a clinic visit. This resulted in a breach of Patient A's PHI.Findings:On January 31, 2014 at 1:00 PM, an unannounced was made to the facility to investigate an entity reported incident of a breach of a patient's (Patient A) PHI.During an interview with the facility privacy officer (FPO) on January 31, 2014 at 1:20 PM, he stated, "Patient A came into the clinic on January 13, 2014. The mother gave the nurse the child's immunization record during registration. At the end of the visit the mother did not ask for the record, and the nurse did not return it per protocol. The protocol is to attach the immunization record to the clipboard during the visit in case immunizations are given and need to be added. At the end of the visit the nurse is to return the record along with any care instructions or prescriptions. Patient B's mother realized the error and returned the record to the clinic."A review of the immunization record indicated that it contained: Patient A's name, date of birth, medical record number, and a list of the various immunizations that had been received, and any that were due to be received.A review of the facility policy and procedure titled, "Privacy and Security of Information resources," dated August 2013, was conducted. the policy listed PHI as, "individually identifiable health information...in any form...it relates to the past, present, or future physical or mental health or condition of an individual."During an interview with the FPO on January 31, 2014 at 1:30 PM, he confirmed that a breach had occurred.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights