Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
ST MARY MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on January 22, 2015. Also cited in 55 other reports.
Report ID: TOS411, California Department of Public Health
Reported Entity: ST MARY MEDICAL CENTER
Issue:
Based on interview and record review, the facility failed to ensure the confidential treatment of protected health information (PHI) for Patient A, when a registered nurse (RN1) gave Patient A's "Patient Instruction Signature Page" to Patient B to sign upon discharge. This failure resulted in a breach of Patient A's PHI to Patient B.Finding:A phone interview was conducted on February 12, 2015 at 3:50 PM with the Supervisor of Telemetry (SOT) and the Manager of Telemetry (MOT) for the facility regarding an entity reported incident of a breach of PHI for Patient A, detected by the facility on January 2, 2015. The SOT stated the nurse preparing discharge documentation is to do a visual check to ensure they are documenting for the correct patient in the Electronic Medical Record. The SOT further stated that name and date of birth are to be used as double identifies when giving a patient their discharge paperwork. When asked what happened in this incident, the SOT stated Patient B was anxious to leave and another RN prepared the discharge paperwork for the patient. When the discharge packet was given to RN1, a prescription was covering Patient A's name. The SOT further stated it is the responsibility of the RN to check every page of a packet to ensure all the documents are given to the correct patient.During record review it was determined Patient A was notified via mail of the breach on January 14, 2015 of their individual PHI.A review of the documentation given to Patient B to sign upon discharge contained Patient A's name, date of birth, general diagnosis and medications prescribed during the hospital visit. A review of the facility policy and procedure titled, "Confidentiality Policy," dated January 24, 2012, indicated under section "A","Employees are required to follow all policies and procedures ... regarding use and disclosure of business and patient information... in order to ensure that business and patient information is safeguarded at all times."The failure of RN1 to ensure the documents given to Patient B were intended for Patient B, resulted in the unauthorized release of Patient A's PHI to Patient B.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights