Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
COMMUNITY HOSPITAL OF SAN BERNARDINO
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on July 5, 2014. Also cited in 46 other reports.
Report ID: W5JO11.01, California Department of Public Health
Reported Entity: COMMUNITY HOSPITAL OF SAN BERNARDINO
Issue:
Based on interview, and record review, the facility failed to ensure that a registered nurse (RN 1) verified the name on the prescription given to Patient B upon discharge. This failure resulted in a breach of confidentiality, when Patient B received a prescription that contained Patient A's confidential information.Findings:A phone interview was conducted with the Facility Privacy Officer (FPO) on August 6, 2014 at 2:00 PM, to investigate a self-reported incident of a possible breach of protected health information (PHI) for Patient A. The FPO stated, "Patient A and B were admitted to outpatient surgery on September 30, 2013. Patient B was admitted to the facility overnight. On October 1, 2013, RN 1 inadvertently gave a handwritten prescription with Patient A's name on it to Patient B at time of discharge. RN 1 did not double check the name on the prescription with Patient B's name prior to discharge, to make sure it was the correct prescription for Patient B. Approximately one (1) hour after discharge, Patient B returned to the facility with the prescription that contained Patient A's name. MD 1 was notified and called in a new prescription for Patient B."A review of the prescription inadvertently given to Patient B was conducted on August 6, 2013. The prescription contained: Patient A's name, date of birth, and a prescription for thirty (30) Norco tabs (narcotic pain medication).A review of facility policy and procedure titled, "Safeguarding PHI and Sensitive Information", dated January 12, 2012, indicated:"1. Policy: it is the policy of (name of facility) to provide appropriate access to its information based on need-to-know basis while preserving its confidentiality and integrity."The failure of RN 1 to double check the name on the prescription, given to Patient B at time of discharge on October 1, 2013, resulted in a breach of Patient A's PHI.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights