Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
Scripps Mercy Hospital
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on November 21, 2013. Also cited in 72 other reports.
Report ID: 6TX111, California Department of Public Health
Reported Entity: SCRIPPS MERCY HOSPITAL
Issue:
Based on interview and document review, the hospital failed to ensure that confidential protected health information (PHI-patient identifiable information ) was safeguarded, for 3 of 3 sampled patients (1,2 and 3). Sixty seven copies of a census report (name, age, sex, religious preference, visit reason and attending physician's name) were found on a street corner in the community by a community member, who reported the breach to the hospital. The failure to protect patients' health information violated Patient 1, 2, and 3's right to privacy and confidentiality in accordance with the hospital's policy.Findings:A review of Patient 1, 2 and 3's PHI which was breached, was conducted with a Registered Nurse (RN) 1 and 2 and the Director of Risk Management (DOR) on 12/3/13 at 8:20 A.M. Patient 1 was admitted to the hospital on 9/29/13 according to the hospital's Facesheet. The census report dated 9/29/13 at 6:06 A.M., indicated Patient 1's age, sex, religion, reason for the hospital visit and the physician's name . Patient 2 was admitted to the hospital on 11/15/13 according to the hospitals Facesheet. The census report dated 9/29/13 at 6:06 A.M., indicated Patient 2's age, sex, religion, reason for the hospital visit and the physician's name . Patient 3 was admitted to the hospital on 9/28/13 according to the hospital's Facesheet. The census report dated 9/29/13 at 6:06 A.M., indicated Patient 3's age, sex, religion, reason for the hospital visit and the physician's name . An interview was conducted with the DOR, RN 1 and 2 on 12/3/13 at 8:30 A.M. Both RN 1 and 2 stated that the practice at the hospital was to review a printed copy of the daily census report with the oncoming nurse at the shift change. In addition, RN 1 and 2 acknowledged that they reviewed the census together during the shift change; however, neither were aware that 67 census copies were printed. A review of the hospitals policy titled "Confidentiality of Information" revised 10/2013 , was reviewed with the DOR on 12/3/13 at 8:30 A.M. The policy indicated it was the responsibility of every employee to safeguard all confidential information; when accessing confidential information, limit the amount of confidential information to the minimum necessary to accomplish the intended purpose of the use or disclosure. This policy was not followed when the hospital did not ensure that Patient 1, 2 and 3's census information printed was not limited and that 67 copies of Patient 1, 2 and 3's census reports were not safeguarded.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights