HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

1,738 Patients of Coalinga State Hospitals Notified About Improper Disclosure of PHI

The Department of State Hospitals – Coalinga (DSH-C) in California has notified 1,738 patients that some of their protected health information (PHI) has been impermissibly disclosed by a DSH-C employee.

The United States District Court, Eastern District of California had made a request to be provided with DSH-C patient rosters in order to determine whether patients were eligible for a waiver of filing fees when filing a lawsuit. Those rosters were provided to a District Court Clerk by a DSH-C employee.

The patient rosters contained information about patients that had not filed a lawsuit, and the rosters contained more information than was required by the District Court Clerk to determine eligibility for a waiver. The disclosure was therefore in violation of the HIPAA Rules.

The rosters contained the following data elements: name, case number, birth date, legal commitment, admission date, unit number, and gender. DSH-C said it has no reason to believe the information was used for any reason other than for an eligibility determination for a public benefit provided by the Court.

Please see the HIPAA Journal Privacy Policy

3 Steps To HIPAA Compliance

Please see HIPAA Journal
privacy policy

  • Step 1 : Download Checklist.
  • Step 2 : Review Your Business.
  • Step 3 : Get Compliant!

The HIPAA Journal compliance checklist provides the top priorities for your organization to become fully HIPAA compliant.

Upon discovery of the breach, the District Court Clerk was contacted and instructed to destroy all DSH-C patient rosters that were provided to the District Court. Staff members are being provided with further training on data protection and policies and procedures are being reviewed and revised to ensure greater clarity on allowable uses and disclosures of patient information.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.