Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
Scripps Mercy Hospital
Cited by the California Department of Public Health for violations of California’s Health and Safety Code relating to medical privacy during an inspection that began on October 25, 2012. Also cited in 72 other reports.
Report ID: 2LU211.02, California Department of Public Health
Reported Entity: SCRIPPS MERCY HOSPITAL
Issue:
Based on interview and record review, the hospital failed to safeguard protected health information (PHI- is any information about health status, provision of health care, or payment for health care that can be linked to a specific individual) from unauthorized person(s) in accordance with their policies and procedures, for 1 of 2 sampled patients (Patient 1). Patient 1's radiological image on a CD (compact disc) containing confidential patient information was inadvertently given to the wrong patient.Findings:On 10/12/12 at 8:33 A.M., the hospital reported to the Department that an unauthorized disclosure may have occurred when a copy of Patient 1's radiological image was given inadvertently to Patient 2.A review of Patient 1's medical record was conducted on 10/25/12 at 9:08 A.M. Patient 1 was admitted to the hospital's Emergency Department on 9/15/12 due to a fall, per the facesheet. A review of Patient 2's medical record was conducted on 10/25/12 at 9:08 A.M. Patient 2 was admitted to the hospital's Emergency Department on 9/15/12 because of chest pain, per the facesheet.A copy of the CD was provided to the Department on 10/25/12 at 9:08 A.M. The CD was reviewed. The CD contained the following confidential patient information: the Patient 1's name, medical record number, date of birth, date of service, physician's name and the type of image viewed.A telephone interview with the CT (computed tomography- also known as computerized axial tomography or CAT scan; allows for cross-sectional views of body organs and tissues) technician (CTT 1) was conducted on 12/7/12 at 3:35 P.M. CTT 1 stated that he did not recall Patient 1 or Patient 2. He stated that his boss informed him of the incident involving the two patients. He stated that according to log-on records, his log-in revealed that he generated the CD image that was requested and given to Patient 2. He stated that he was informed that the CD image contained Patient 1's confidential patient information and CT image. He acknowledged that the wrong patient's radiological image was placed on the CD that was given to Patient 2.A review of the hospital's policy and procedure entitled "Health Information, Access, Use and Disclosures," effective date of 2/12, was conducted. The policy indicated that the hospital shall access use and disclose protected health information with authorization of patient/legal representatives and in accordance with mandated state and federal disclosure requirements. Per the same policy, it indicated that "All personnel providing services within the (hospital name) organization to include but not limited to employees, volunteers, physicians, Allied Health Professionals, students and contracted and affiliated business associates are responsible for: 1. Awareness of this policy and it's requirements for protecting patient health information from unauthorized access, use or disclosure." An interview with the Patient Relations Coordinator (PRC) was conducted on 12/7/12 at 3:55 P.M. The PRC stated that CT manager confirmed that CTT 1 was who made the CD containing Patient 1's radiological image. She acknowledged that an unauthorized disclosure occurred when Patient 2 was given a CD that contained Patient 1's radiological image and confidential information which was not in accordance with the hospital's policy.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights