Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
SUTTER COAST HOSPITAL
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on March 6, 2012. Also cited in 58 other reports.
Report ID: 01ZG11.01, California Department of Public Health
Reported Entity: SUTTER COAST HOSPITAL
Issue:
Based on interview and document review, the hospital failed to prevent unauthorized access to one patient's protected health information (PHI).Findings:In interview on 3/6/12 at 11:00 a.m., Staff A stated that he learned on 12/29/11 that on 12/27/11, Patient 2 received Patient 1's discharge instructions and summary when he left the Sutter Coast Health Center Walk In Clinic. Patient 2 returned the document on the same day. Staff A learned that Staff B had given the document to Patient 2 without verifying that it was Patient 2's information. Staff A stated that the clinic's protocol requires that before handing medical information to a patient, staff has to verify that the document belongs to the patient and a second staff member has to confirm the exchange. Staff A stated that Patient 1 and the Department were notified of the breach on 12/29/11.Document review on 3/6/12 demonstrated that Patient 1's breached PHI consisted of name, age, sex, vital signs, diagnosis, and treatment plans. Document review on 3/6/12 demonstrated that the breach was discovered on 12/27/11 and Patient 1 and the Department were notified on 12/29/11, within 5 business days of discovery.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280