Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
SAN ANTONIO REGIONAL HOSPITAL
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on February 27, 2015. Also cited in 35 other reports.
Report ID: UZW311, California Department of Public Health
Reported Entity: SAN ANTONIO REGIONAL HOSPITAL
Issue:
Based on interview and record review, the facility failed to ensure the confidential treatment of Patient B's protected health information (PHI) when a Registered Nurse (RN 1) gave Patient B's discharge instruction documents to Patient A. This resulted in an unauthorized disclosure of Patient B's PHI.
Findings:
On February 27, 2015 at 11:00 AM, a phone interview was conducted with the Director of Health Information Management regarding an entity reported incident of a breach of Patient B's PHI detected by the facility on December 16, 2014. The Director of Health Information Management stated that a family member of Patient A called the emergency room to tell them the discharge instructions Patient A received belonged to another patient (Patient B), which contained Patient B's diagnosis, name, age, gender, account number, medical record number, allergies, medication names and dosages, laboratory test names with results and a radiology test with physician impression.
The Director of Health Information Management stated that Patient B was notified on December 22, 2014 of the breached PHI, and provided a copy of the letter.
On March 30, 2015 at 9:00 AM, a phone interview was conducted with RN 1 regarding this entity reported incident. RN 1 stated she did not verify the patient identification on the discharge instructions and she gave the wrong discharge instructions to the patient (Patient A). "I'm supposed to verify each page for correct patient identification and initial each page. It was a very busy morning in the emergency department."
A review of the discharge instruction documents indicated Patient B's name, age, gender, diagnosis, account number, medical record number, allergies, medication names and dosages, laboratory test names with results, and a radiology test with physician impression.
A review of the facility's policy and procedure titled, "Confidentiality, Protecting Confidential Information" dated July 2008, indicated "Confidential information must be protected from unauthorized uses, disclosures, inappropriate modification, and/or any action that would prevent it from being readily available to authorized individuals."
A review of the facility's policy and procedure titled, "Discharge of Patient: Routine, Leaving Against Medical Advice, Elopement, Patient Who Refuses To Leave the Hospital" dated November 1971 and revised date June 2013, indicated "The patient's nurse will check the completed instructions, prescriptions and other paperwork for proper patient identification, initial each page of the packet and sign, date and time the signature page."
The facility failed to ensure the correct discharge instruction documents were given to Patient A resulting in an unauthorized release of Patient B's PHI.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights