Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
ST BERNARDINE MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on June 1, 2015. Also cited in 41 other reports.
Report ID: R5R811, California Department of Public Health
Reported Entity: ST BERNARDINE MEDICAL CENTER
Issue:
Based on a phone interview, and record review, the facility failed to ensure the privacy and confidentiality of Patient A's medical records, when Registered Nurse 1 (RN 1) included medical records for Patient A with Patient B's medical records when transferring Patient(Name of Facility).This failure resulted in the unauthorized release of Patient A's PHI.Finding:During a phone interview on June 1, 2015 at 9:47 AM, with the Facility Compliance Professional (FCP) regarding an entity reported incident of a breach of PHI for Patient A, the FCP stated he was contacted by (Name of Facility) on May 8, 2015, via phone and notified of receiving Patient A's PHI during the transfer. The FCP stated, RN 1 sent the sealed envelope for Patient B to (Name of Facility) but does not know how Patient A's PHI was also received.During an interview with RN 1 on June 5, 2015 at 10:25 AM, she stated when the transport company arrived to transfer Patient B to (Name of Facility), RN 1 gave the sealed envelope of Patient B to the transport company person. RN 1 stated, "I only handed one sealed envelope to the transport person." RN 1 stated she did not know how the transport company also received Patient A's medical records. When asked how this happened, RN 1 stated "I do not have any idea." When asked what the facility's transfer process was, RN 1 stated the chart is copied and the copies are placed in a sealed envelope. A sticker containing patient information is place on the sealed envelope for identification. Report is called to the accepting facility. Once the transport company arrives to transfer the patient, the RN signs the release of the patient.During a review of the documents which had been disclosed to (Name of Facility), the documentation contained Patient A's name, date of birth, gender, medical record number, medication administration record, medication names, diagnosis, transfusion records, nurses notes, physician notes, provider name and laboratory results.A review of the facility's policy and procedure titled, "Safeguarding PHI and Sensitive Information," dated January 12, 2015, indicated it is the policy of (Name of Organization) to provide appropriate access to its information based on a need-to-know basis while preserving its confidentiality and integrity.The failure of RN 1 to verify all documents sent to (Name of facility) belonged to the correct patient, Patient B, resulted in the unauthorized release of Patient A's PHI to (Name of Facility).
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights