Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
Scripps Mercy Hospital
Cited by the California Department of Public Health for violations of California’s Health and Safety Code relating to medical privacy during an inspection that began on May 23, 2012. Also cited in 72 other reports.
Report ID: 397611.02, California Department of Public Health
Reported Entity: SCRIPPS MERCY HOSPITAL
Issue:
Based on interview and record review, the hospital failed to ensure its policy and procedure relative to the facsimile (fax) transmission of protected health information, was implemented. The failure to follow the hospital procedure resulted in a misdirected and unauthorized release of health record information, belonging to 1 of 1 sampled patients (Patient 1).Findings:An onsite visit of the hospital was conducted on 5/23/12, in response to a hospital report about an inadvertent and unauthorized release of Patient 1's health record information via facsimile transmission. On 5/23/12 at 3:40 P.M., an interview was conducted with a staff coordinator from Patient Relations and Risk Management. She indicated that on 5/08/12, Patient 1's Physical Therapy and Discharge notes were being faxed by the physical therapist to the patient's physician. A wrong fax number however, was dialed thus leading to the mis-directed, inadvertent and unauthorized release of Patient 1's health information to another person (private residence). The document contained the following information: patient's name, date of birth, medical record number, account number, physician's name, summary of patient's progress at discharge and dates of treatments. A review of the hospital's policy and procedure entitled Transmission of Facsimile Information, dated December 2011, was done during the visit. The hospital's policy provided a clear guidance on the appropriate procedures for management of facsimile transmissions in order to safeguard the confidentiality and security of information, including patient protected health information. Per hospital policy, the sender of fax information should verify the accuracy of the fax number and the intended recipient before sending the fax. The fax number should be validated to ensure the numbers entered were accurate and current. The transmittal confirmation should be checked to ensure the information went to the correct number and the right person.It was reported during the interview with the coordinator for Risk Management and Patient Relations on 5/23/12 at 3:40 P.M. that a patient care access representative was the person who wrote down the wrong fax number for Patient 1' s physician. The access representative staff and physical therapist failure to validate the accuracy of the physician's fax number information prior to sending out the document was in violation of the hospital's policy and procedure on facsimile transfer of information and patient's right to confidentiality of his/her health record information.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights