Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
LOMA LINDA UNIVERSITY MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on January 7, 2014. Also cited in 44 other reports.
Report ID: QMNK11, California Department of Public Health
Reported Entity: LOMA LINDA UNIVERSITY MEDICAL CENTER
Issue:
Based on interview, and record review, the facility failed to ensure the confidentiality of treatment provided to two patients (Patient B and C) was maintained, when compact discs (CDs) containing their radiology films were inadvertently given to Patient A, who had requested her records for a doctor visit. This resulted in a breach of protected health information (PHI) for Patients B and C.Findings:An unannounced visit was made to the facility on January 7, 2014 at 2:45 PM, to investigate an entity reported event of a possible breach of PHI.During an interview with the facility's compliance officer on January 7, 2013 at 2:50 AM, he stated,"Patient A had come to get her MRI (magnetic resonance images-specialized x-ray) which were copied onto a CD. She was handed an envelope containing four CDs. Patient A did not open the envelope until she was at her doctor's office in Hawaii. Three of the four CDs were labeled for Patient B, and one for Patient C.Patient A and her doctor thought the CDs had been mislabeled so put them into the viewer. It was discovered that the images contained Patient B and C's name, medical record number, and age. Patient A's husband called us immediately and the CD's were returned."During a review of the facility policy and procedure (P&P) titled, "Privacy and Security of Information Resources: Information Classification and Protection " dated August 2013, it indicated a breach of information was, "Unauthorized acquisition of any confidential, protected , or restricted information in any digital..or paper format that compromises the security, confidentiality, or integrity of personal information..." An interview with the compliance officer on January 7, 2014 at 3:40 PM, was conducted and it was stated that there had been a breach of PHI , when Patient A and her doctor opened and read the images on the CDs containing Patient B and C's PHI, which violated their right to confidentiality related to their medical care.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights