Confidentiality breach: Hospital sent patient records to auto shop

Tools

Has your hospital looked at what's behind breaches of patient privacy? Two examples from California show just how easy it is to accidentally give unauthorized access to confidential patient medical records.

The California Department of Public Health (CDPH) found that Children's Hospital of Orange County sent patient records to an auto shop in 2009, according to the Orange County Register. The business received six faxes containing healthcare information, including information that identified the patient's name, date of birth, and details about the visits.

Hospital staff told the Register that a test fax should have been sent first, per hospital policy.

In another breach of patient privacy by the same hospital, patient records were faxed to the wrong doctor, because the name of the patient's ER doctor was not correctly entered into the system. The hospital is checking its database for accuracy.

In related news, the CDPH announced that five California hospitals were hit with administrative penalties and fines totaling $675,000, due to breaches of patient privacy. The fines ranged from $25,000 to $250,000. San Joaquin Community Hospital in Bakersfield was hit with a $25,000 fine after two employees gained unauthorized access to three patients' medical records. After one employee got unauthorized access to 204 patients' medical information, Community Hospital of San Bernardino was fined $250,000.

In 2008, Governor Arnold Schwarzenegger signed legislation to improve patient privacy and to address breaches of confidential information. SB 541 sets health facility fines for privacy breaches and ensured that healthcare providers face real consequences when they fail to protect patient privacy. Fines for facilities range up to $250,000 for each reported case in which private medical information is disclosed to unauthorized parties.

To learn more:
- read the Orange County Register article
- read the California Department of Public Health's press release

Related articles:
California finalizes bills boosting patient privacy
California expands health data breach rules
Report: UCLA data breaches happen often