Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
SALINAS VALLEY MEMORIAL HOSPITAL
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on August 29, 2014. Also cited in 14 other reports.
Report ID: BMD211.01, California Department of Public Health
Reported Entity: SALINAS VALLEY MEMORIAL HOSPITAL
Issue:
Based on interview and record review, the hospital failed to prevent the unauthorized disclosure of patient health information (PHI) for one of two sampled patients (1), when upon discharge, Patient 2 was given the discharge packet which belonged to Patient 1. The failure resulted in an inadvertent disclosure of PHI to an unauthorized individual. Findings:The California Department of Public Health received a faxed report on 3/28/14, documenting that on 3/24/14, the hospital privacy officer received an email which indicated Patient 2 was provided the incorrect discharge packet, which disclosed Patient 1's name, date of birth, discharge instructions, and medication prescription.During an interview on 8/29/14 at 11:05 a.m., the privacy officer (PO) stated that on 3/24/14, Patient 2 received the incorrect discharge packet. The discharge packet contained information disclosing Patient 1's name, date of birth, discharge instructions, and a written medication prescription. Patient 2's family member returned the discharge packet to a patient accounts staff member (CR). PO stated Patient 2's family member did not notice he had received the incorrect packet until pharmacy staff identified the prescription had the wrong name.During an interview on 8/29/14 at 11:30 a.m., the human resources director (HRD) stated an emergency room (ER) registered nurse (RN 1) had handed the discharge packet to Patient 2, containing the discharge instructions and prescription for Patient 1. During an interview on 8/29/14 at 11:40 a.m., CR stated Patient 2's family member returned the incorrect discharge packet to the hospital, and told CR he did not notice it was the wrong discharge packet until the pharmacy staff noticed the error. CR stated she looked at the discharge packet and noticed it had Patient 1's information. CR stated Patient 1's name, date of birth, medical record number, medication, and medication instructions had been disclosed.A review of a copy of the discharge instructions which were given to Patient 2 on 2/27/14 indicated Patient 1's name, account number, diagnoses, discharge instructions, prescription, and medication instructions had been disclosed.A review of a copy of a letter dated 3/27/14, from the hospital to Patient 1's family member indicated the hospital's privacy officer had been notified by email on 3/24/14, Patient 2 had inadvertently received Patient 1's discharge instructions and discharge prescription. A review of a copy of the hospital's 10/28/11 "Data Confidentiality" policy indicated confidential information is delivered to the person(s) designated to receive it. Employees will not reveal confidential information to third parties without proper written authorization. Appropriate safeguards should be taken to protect the privacy of data.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280