Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
COMMUNITY HOSPITAL OF SAN BERNARDINO
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on March 2, 2015. Also cited in 46 other reports.
Report ID: SZYG11, California Department of Public Health
Reported Entity: COMMUNITY HOSPITAL OF SAN BERNARDINO
Issue:
Based on interview and record review, the facility failed to ensure the confidential treatment of protected health information (PHI) for Patient A, when registered nurse (RN 1) who worked the Couplet Care Unit (a nursing department that cares for new moms and their newborns) gave Patient B, Patient A's prescription. This failure resulted in the unauthorized release of Patient A's PHI to Patient B.Findings:On April 1, 2015 at 9:00 AM, a telephone interview was conducted with RN 1. When asked to describe what happened, she stated on December 25, 2014 she was discharging (sending home) Patient B. She printed the discharge instructions and grabbed the prescription that was in Patient B's chart and gave them to Patient B. RN 1 stated she was later informed that Patient B was given a prescription written for Patient A.During a phone interview with the Department Manager (DM) on April 1, 2015 at 10:12 AM, the DM stated the breach of PHI was detected by the facility on December 26, 2014, when the husband of Patient B called the charge nurse (RN 2) and informed her that his wife (Patient B) received a prescription for another patient, (Patient A).A copy of the prescription was not available. The facility investigative report indicated that prescriptions normally contain the patient's name, prescription, date, and physician's name.On April 2, 2015 the Director of Quality Management (DQM) was asked for a copy of the letter sent to Patient A informing her of the breach of PHI which occurred on December 25, 2014.On April 7, 2015 A copy of the letter written to Patient A dated April 7, 2015 was received and reviewed. A review of the facility policy and procedure titled, "Safeguarding PHI and Sensitive Information" dated January 17, 2012 indicated, "It is the policy of (the facility) to provide appropriate access to its information based on a need-to-know basis while preserving its confidentiality and integrity".The facility failed to ensure the correct patient received the correct prescription resulting in an unauthorized release of Patient A's PHI to Patient B.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights