SAN FRANCISCO GENERAL HOSPITAL

Report ID: 8WR811.02, California Department of Public Health

Reported Entity: SAN FRANCISCO GENERAL HOSPITAL

Issue:

Based on interview and record review, the facility failed to notify the patients affected by the breach of their medical information within the required five days after discovery of the breach.Findings:In an interview on 11/29/12 at 2:45 PM, the facility's staff discussed the information breach described in detail in this document. The facility's Director of Regulatory Affairs (DRA) stated the 39 patients whose information had been breached were notified by letter on 11/19/12.Review of the 10/22/12 letter from the DRA informing the California Department of Public Health (CDPH) of the information breach indicated the breach was initially discovered on 10/16/12. This letter was faxed to CDPH on 10/22/12 at 5:33 PM.Review of the copies of the letters sent to the 39 patients of the Occupational Health Services (OHS) about the possible breach indicated all of the letters were mailed to the patients on 11/19/12. This was 34 days after discovery.In a telephone interview on 12/20/12, the DRA confirmed that the letters had not been sent to patients within the five day time frame specified in the regulations. The DRA stated there was confusion at the facility regarding the role of the Privacy Officer in this case since she was also the Interim Manager of the OHS department and she was actively involved in the contractual dispute discussions with the Licensed Nurse (LN 1) who subsequently faxed the material over the unsecured and unauthorized fax line.

Outcome:

Fine imposed and deficiency cited by the California Department of Public Health: Medical Breach

Related Reports:

The report containing this deficiency also includes information about 1 other violation. Note that these may be related to the same event: 8WR811.01