Confidentiality breach: Hospital sent patient records to auto shop
Has your hospital looked at what's behind breaches of patient privacy? Two examples from California show just how easy it is to accidentally give unauthorized access to confidential patient medical records.
The California Department of Public Health (CDPH) found that Children's Hospital of Orange County sent patient records to an auto shop in 2009, according to the Orange County Register. The business received six faxes containing healthcare information, including information that identified the patient's name, date of birth, and details about the visits.
Hospital staff told the Register that a test fax should have been sent first, per hospital policy.
In another breach of patient privacy by the same hospital, patient records were faxed to the wrong doctor, because the name of the patient's ER doctor was not correctly entered into the system. The hospital is checking its database for accuracy.
In related news, the CDPH announced that five California hospitals were hit with administrative penalties and fines totaling $675,000, due to breaches of patient privacy. The fines ranged from $25,000 to $250,000. San Joaquin Community Hospital in Bakersfield was hit with a $25,000 fine after two employees gained unauthorized access to three patients' medical records. After one employee got unauthorized access to 204 patients' medical information, Community Hospital of San Bernardino was fined $250,000.
In 2008, Governor Arnold Schwarzenegger signed legislation to improve patient privacy and to address breaches of confidential information. SB 541 sets health facility fines for privacy breaches and ensured that healthcare providers face real consequences when they fail to protect patient privacy. Fines for facilities range up to $250,000 for each reported case in which private medical information is disclosed to unauthorized parties.