Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
ST MARY MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on January 3, 2014. Also cited in 55 other reports.
Report ID: QOGQ11, California Department of Public Health
Reported Entity: ST MARY MEDICAL CENTER
Issue:
Based on interview, and record review, the facility failed to maintain confidential treatment of Patient A's protected health information (PHI) when Patient A's medication administration record (MAR) from an emergency room (ER) visit, was inadvertently faxed with Patient B's clinical record to an outside facility. This resulted in a breach of PHI.Findings:An unannounced visit was made to the facility on January 3, 2014 at 11:00 AM, to investigate an entity reported event of a possible breach of PHI for Patient A.During an interview with the Director of Accreditation on January 3, 2014 at 11:10 AM, she stated, "On December 10, 2013, the Director of Health Information Management (HIM) received an anonymous FAX with a note which informed us that they had received our patient's record in error. There was no cover sheet attached. When the Director of HIM looked into the electronic system, it was determined that the information for Patient A had been inadvertently scanned into Patient B's electronic record in September of 2012. We weren't notified until December 10, 2013. When we tracked where Patient B's electronic clinical record had been faxed, it turned out to be another facility."A review was conducted of the form that was inadvertently scanned into Patient B's electronic record on January 3, 2014. The form listed Patient A's:name, date of birth, age, sex, account and medical record numbers and medications. A review of the facility policy and procedure titled, "Federal Reporting and Notification Requirements Regarding Breaches of Protected Health Information," dated July 2013, was conducted with the Accreditation Director on January 3, 2014 at 11:35 AM. According to the policy a breach is defined as, "Acquisition, use, or disclosure of Unsecured Protected Health Information in a manner not permitted by the Privacy Rule which compromises the security or privacy of such information."During an interview with the Accreditation Director after review of the facility policy and procedure, she confirmed a breach of Patient A's PHI had occurred when the facility released Patient A's protected health information to an outside facility.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights