Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
ST MARY MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on September 24, 2014. Also cited in 55 other reports.
Report ID: FCTY11, California Department of Public Health
Reported Entity: ST MARY MEDICAL CENTER
Issue:
Based on interview and record review, the facility failed to ensure the confidential treatment of Patient A's protected health information (PHI), when a Telemetry Unit (unit with portable heart monitors) registered nurse (RN 1) disclosed the, "Patient Instructions Signature Page," for Patient A to Patient B's husband, upon Patient B's discharge from the Telemetry Unit. This failure resulted in a breach and the unauthorized release of Patient A's PHI.Finding:On October 14, 2014 at 3:05 PM a phone interview was conducted with the Manager of Accreditation and Risk Management (MARM) regarding an entity reported incident of a breach of PHI for Patient A, on September 16, 2014. The MARM stated, Patient A's signature page was with the discharge paperwork for Patient B on the printer. The nurse [RN 1] grabbed all the documents off the printer and did not thoroughly go through all the pages. The signature page for Patient A was given to and signed for, by Patient B's husband and placed in Patient B's chart. The MARM also stated, when discharging a patient, the nurse is supposed to check every page for the correct patient's name before having the patient sign the document. During a review of the documentation that had been disclosed to Patient B's husband, the document contained Patient A's name, date of birth and medication orders.A review of the facility policy and procedure titled, "Confidentiality Policy," not dated, indicated under section "A," "Employees are required to follow all policies and procedures ... regarding use and disclosure of business and patient information... in order to ensure that business and patient information is safeguarded at all times."The failure of RN 1 to verify all the documents belonged to the intended recipient, Patient B, resulted in the unauthorized release of Patient A's PHI to Patient B's husband.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights