Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
Scripps Mercy Hospital
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on November 8, 2012. Also cited in 72 other reports.
Report ID: NN6O11, California Department of Public Health
Reported Entity: SCRIPPS MERCY HOSPITAL
Issue:
Based on interview, document and record review, the hospital failed to ensure that one patient's (Patient A) protected health information (PHI) was kept confidential and not shared with his roommate and two family members, without Patient A's authorization, in accordance with hospital policy and procedure.Findings:On 11/8/12, an on site investigation of an entity reported privacy breach was initiated. At 4:15 P.M., an interview was conducted with the Coordinator of Patient Relations-Risk Management. The Coordinator stated that, on 10/19/12, Patient A was admitted to a semi-private room on a medical/surgical unit of the hospital. Patient A's roommate was Patient B. Later that day, Patient A's physician suspected that Patient A may have tuberculosis. Therefore, Patient A was being moved to a negative pressure room.An interview was conducted with Certified Nursing Assistant (CNA 1) on 11/20/12 at 4:10 P.M. CNA 1 stated that, on 10/19/12, at about 2:00 P.M., she went to Patient A's room to check his vital signs. Before entering the room, the Unit Clerk motioned to CNA 1. CNA 1 went to talk to the Unit Clerk. The Unit Clerk told CNA 1 that Patient A had Tuberculosis. CNA 1 could not find Patient A's nurse so she went to the Charge Nurse. According to CNA 1, the Charge Nurse told CNA 1 to give masks to both Patient A and Patient B. CNA 1 gave a mask to Patient A and told him that there might be chance that he had tuberculosis. She said this in front of Patient A, Patient B and two of Patient A's family members. CNA 1 stated that she knew right away, as soon as she said this, that she had violated Patient A's confidentiality of his PHI.A review of the hospital's policy and procedure entitled "Health Information, Access, Use and Disclosure" indicated that, "[Name of hospital] shall access use and disclose protected health information with authorization of patient/legal representatives and in accordance with mandated state and federal disclosure requirements..." On 11/20/12 at 4:30 P.M., an interview was conducted with the Medical/Surgical Unit RN Manager. The RN Manager acknowledged that this was an unintentional breach of Patient A's protected health information.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights