Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
SHARP CHULA VISTA MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on February 13, 2013. Also cited in 46 other reports.
Report ID: XQTM11.01, California Department of Public Health
Reported Entity: SHARP CHULA VISTA MEDICAL CENTER
Issue:
Based on interview, document and record review the hospital failed to ensure that one patient's (Patient A) personal and protected health information (PHI) was kept confidential and not shared with another patient (Patient B) without Patient A's prior authorization.Findings:An on sight investigation of an entity reported privacy breach was initiated on 2/13/13 at 2:30 P.M. An interview was conducted with the Emergency Department (ED) Registered Nurse (RN) Manager (EDRNM) on 2/13/13 at 3:00 P.M. The EDRNM stated that Patient A and Patient B were both treated in the ED on 1/23/13. After being treated and receiving a lot of pain medication, Patient B wanted to leave against medical advice (AMA). An ED Staff RN (RN 1) cut-off Patient B's arm band, then, the ED physician (MD) decided to discharge Patient B. RN 1 was assigned to care for both Patient A and Patient B. RN 1 proceeded to take Patient A's discharge instructions to Patient B. RN 1 asked Patient B "is this your name?" Patient B replied "yes". So, RN 1 handed Patient A's discharge instructions to Patient B.Patient A's discharge instructions contained the following personal and PHI:Patient's nameDate of BirthHome Phone NumberMedical Record NumberName of Laboratory Tests PerformedName of Radiology Test Performed.A review of the hospital's policy and procedure, entitled Confidentiality of Information and dated 8/12, indicated that "Workforce members are expected to:1. Follow all policies and department specific procedures appropriated to their role and responsibilities.2. Protect all sensitive information from unauthorized access, use and disclosure.3. Maintain safeguards for protection of sensitive information. An interview was conducted with RN 1 on 2/21/13 at 3:30 P.M. RN 1 stated that Patient B was rushing to leave AMA and RN 1 was rushing to give Patient B her discharge instructions. RN 1 acknowledged that she did not take reasonable safeguards to protect the confidentiality of Patient A's personal and PHI when she failed to:1. Ask the patient her name and date of birth.2. Remove the patient's wrist band.3. Check the patient's name and date of birth on the wrist band.4. Review each page of the discharge instructions with the patient.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights