California’s Department of State Hospitals – Coalinga (DSH-C) has informed 1,738 patients about the impermissible disclosure of some of their protected health information (PHI) by a DSH-C employee.
The United States District Court, Eastern District of California requested to be given DSH-C patient rosters so as to know if patients were entitled to a waiver of fees for filing a lawsuit. A DSH-C employee provided a District Court Clerk the requested rosters.
The patient rosters included the data of patients that did not file a lawsuit. The rosters also included more data than was requested by the District Court Clerk to find out waiver eligibility. Therefore, the disclosure violated the HIPAA Rules.
The rosters included these data elements: name, birth date, gender, case number, legal commitment, unit number, and admission date. DSH-C stated it believes that the data was not used for any purpose except for determining eligibility for a public benefit given by the Court.
Upon being aware of the data breach, the District Court Clerk received instruction to get rid of all DSH-C patient rosters given to the District Court. Employees will be having additional training about data protection and guidelines and procedures are being evaluated and adjusted to make sure better clarity on permitted uses and disclosures of patient data.