Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
KAISER FOUNDATION HOSP SO SACRAMENTO
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on November 7, 2014. Also cited in 16 other reports.
Report ID: 5LZ511.01, California Department of Public Health
Reported Entity: KAISER FOUNDATION HOSP SO SACRAMENTO
Issue:
Based on interviews and document review, the facility failed to prevent the disclosure of protected health information (PHI; identifiable information about an individual's physical or mental health) when Patient 1's healthcare information was inadvertently given to another patient upon discharge.Findings: As evidenced by facility document review, Patient 1 was seen at the facility Emergency Department (ED) in July of 2014. The document read, "a document containing [Patient 1's] protected health information was inadvertently included in the discharge paperwork of another patient seen [at the facility] ED." A copy of Patient 1's July 2014 document, given to the other patient, included the following confidential patient information: Patient 1's medical record number, name, address, date of birth, and date of service. The document also described Patient 1's presentation upon arrival to the ED and relative health history. In an interview with the Program Manager for Compliance (PM) on 11/7/14 at 12:15 p.m., the PM explained that a faxed document (from another facility, pertaining to Patient 1) was placed inadvertently in the discharge packet of another ED patient. During an interview with the Administration Services Supervisor (AS) on 11/7/14 at 12:20 p.m., the AS stated it was the clerks responsibility to check the discharge paperwork prior to giving it to the patient. The AS explained the ED staff did not follow "the protocol", to ensure the right paperwork went to the right patient. Despite request, the facility did not provide the Department with a written protocol or procedure utilized by facility staff for the identification and verification of its patients. A 2012 facility policy and procedure titled, "Obligation Regarding Confidentiality" noted, "Employees are required to protect confidential patient...information form unauthorized access, use or disclosure." The 2013 facility "Notice of Privacy Practices" given to each patient upon arrival to the hospital read, "By law, we must protect the privacy of your PHI..."
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280