Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
Scripps Mercy Hospital
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on January 20, 2012. Also cited in 72 other reports.
Report ID: WG3711.01, California Department of Public Health
Reported Entity: SCRIPPS MERCY HOSPITAL
Issue:
Based on interview, document and record review, the hospital failed to ensure that one patient's (Patient A) personal information was not given to another patient (Patient B) without Patient A's authorization.Findings:Patient A was admitted to the hospital and underwent an Endoscopic Retrograde Cholangiopancreatography (ERCP) procedure ( a procedure that allows the physician to diagnose and treat problems in the liver, gall bladder, bile ducts and pancreas), on January 4, 2012.An interview was conducted on 2/16/12 at 3:40 P.M., with Registered Nurse (RN 1) who was assigned to assist with Patient A's ERCP. RN 1 stated that she and an Endoscopy Technician (ET) were called in to assist with 3 ERCP procedures on 1/4/12. RN 1 stated that she had all three patient's endoscopy paper work lined up. After finishing the first case, RN 1 and the ET started to get ready for the second case. Another RN took Patient A's paper work out into the hallway to bring Patient A in to the endoscopy suite. RN 1 accidentally grabbed a label from the 3rd patient's paperwork and and handed the label to the ET who then entered Patient B's personal information in to the computer. During Patient A's ERCP, the physician took eight photographs. The photographs were printed on two pieces of paper, four photographs per page. Each page of photographs contained Patient B's name, age, and date of birth. On 1/6/12, when Patient A's physician was making rounds he handed the 2 pages of photographs to Patient A. When Patient A's son came to visit he noticed right away that Patient B's name was on the photographs and he took the photographs to the nurses station and gave them to a nurse. About a week after the procedures, RN 1's supervisor called her to tell her about the incident. That is when RN 1 was able to figure out what had happened. RN 1 stated that she was not following hospital policy and procedure, when she gave the ET Patient B's personal information to enter in to the computer intended for Patient A's procedure. A review of the hospital's policy and procedure entitled "Health Information, Access, Use and Disclosure," indicated that the hospital "shall access use and disclose protected health information with authorization of patient/legal representatives and in accordance with mandated state and federal disclosure requirements..."
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights