Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
SHARP CHULA VISTA MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on February 13, 2013. Also cited in 46 other reports.
Report ID: 85HZ11.01, California Department of Public Health
Reported Entity: SHARP CHULA VISTA MEDICAL CENTER
Issue:
Based on interview, record and document review the hospital failed to ensure that one patient's (Patient A) personal and protected health information (PHI) was kept confidential and not shared with another individual (Patient B) without Patient A's prior authorization.Findings:An on site investigation of an entity reported privacy breach was initiated on 2/13/13 at 2:25 P.M. An interview was conducted with the Emergency Department (ED) Registered Nurse (RN) Manager on 2/13/13 at 2:45 P.M. The EDRNM stated that on 1/17/13 both Patient A and Patient B were treated in the hospital's ED. An ED RN handed the discharge paper work for Patient A to the ED RN (RN 1) that was preparing to discharge Patient B. RN 1, then, proceeded to hand Patient A's discharge instructions to Patient B and sent the patient home. Patient A's discharge instructions contained the following personal and PHI:Patient A's NameDate of BirthHome Phone NumberMedical record NumberChief Medical ComplaintDiagnostic Tests PerformedA review of the hospital's policy and procedure, entitled Confidentiality of Information and dated 8/12, indicated that "Workforce members are expected to:1. Follow all policies and department specific procedures appropriated to their role and responsibilities.2. Protect all sensitive information from unauthorized access, use and disclosure.3. Maintain safeguards for protection of sensitive information. On 2/21/13 at 4:00 P.M., an interview was conducted with RN 1. RN 1 stated that 1/17/13 was a busy day in the ED. RN 1 was a male nurse and he explained that he had a female patient that needed a female treatment. RN 1 asked another ED RN to do the treatment and he went to discharge her patient (Patient B). RN 1 verbally verified Patient B's name and date of birth but he did not review each page of the discharge instructions with Patient B and initial each page, as required by hospital policy and procedure. RN 1 acknowledged that he did not apply reasonable safeguards to maintain the confidentiality of Patient A's personal and PHI because he did not follow hospital policy and procedure while discharging Patient B.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights