Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
ST MARY MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on May 30, 2014. Also cited in 55 other reports.
Report ID: 6PUD11, California Department of Public Health
Reported Entity: ST MARY MEDICAL CENTER
Issue:
Based on interview and record review, the facility failed to protect the confidential, protected health information (PHI) for Patient A, when RN 1 gave a prescription which contained Patient A's PHI to Patient B upon discharge from the telemetry (portable heart monitors) department, without verifying the name on the prescription. This had the potential to result in a breach of Patient A's PHI and placed the patient at risk for identity theft. FINDINGS:On August 7, 2013, at 3:30 PM, a phone interview was conducted with the facility privacy officer (FPO) to investigate the entity reported incident of a possible breach of PHI of Patient A. On January 14, 2014, a review of the entity reported incident was conducted. The facility PHI Breach Report was also reviewed, which revealed that on January 9, 2012, Patient B was discharged from the telemetry (portable heart monitor) department. On April 20, 2012, Patient B notified the facility that she had attempted to use the prescription and was told that it had another name (Patient A's) on it. Patient A's PHI (label on the prescription) which was given to Patient B without authorization included the following. Patient name, medical record number, account number, and date of birth. On January 14, 2012, RN 1's personnel file was reviewed. RN 1 had received confidentiality, privacy, and HIPPA, training on June 7, 2010, and April 25, 2011.On May 30, 2014, at 10:30 AM, an interview was conducted with the FPO, who confirmed this incident. She stated that the prescription label had Patient A's information on it, but the medication was ordered for Patient B, and not for Patient A. The FPO further stated that RN 1, should have checked the prescription against Patient B's arm band " to ensure the correct patient received it. The facility failed to protect patient rights regarding maintaining the privacy and confidentiality of patient (PHI), which resulted in Patient A being placed at risk of identity theft, when a prescription containing Patient A's PHI was given to Patient B without authorization.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights