Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
MARIN GENERAL HOSPITAL
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on December 15, 2014. Also cited in 63 other reports.
Report ID: E88L11, California Department of Public Health
Reported Entity: MARIN GENERAL HOSPITAL
Issue:
Based on interview and record review, the facility failed to prevent unauthorized access to protected health information (PHI) of one patient (Patient 1), when the facility discharged another patient with part of Patient 1's medical record. This failure resulted in an unauthorized disclosure of Patient 1's PHI, and Patient 1's privacy was not protected.Findings:During an interview on 12/15/14, at 3:30 p.m., Compliance Officer A stated that facility staff breached Patient 1's PHI on 11/19/14. Compliance Officer A stated that the facility's nursing service was ultimately responsible for the breach, as it was responsible for collecting PHI in anticipation of a patient transfer or discharge. Two documents were breached: Patient 1's discharge medication list and Patient 1's discharge summary.During an interview on 1/9/15, at 10:45 a.m., Complaince Officer A stated the facility completed the facility's investigation into the breach. Compliance Officer A indicated that multiple services were involved. Compliance Officer A stated that facility nurses "combined" PHI of two patients by mistake and gave the combined record to case management, who transmitted the records to the other facility. The facility policy and procedure titled "Discharge/Transfer of In-House Patients to Home or Another Level of Care" (the Policy), dated 1/20/10, indicated the facility's process for facilitating an "appropriate" and "meaningful" patient transfer or discharge. As written, the language of the policy fails to identify the confidentiality risk inherent in either process. The policy instructs staff on what PHI must be prepared. It does not inform staff of the need to preserve confidentiality while preparing those materials. Moreover, it does not explicity safeguard PHI or impose any checks to ensure protection of confidentiality.The incident resulted from the faclity's failure to standardize and implement a sub-process to validate the accuracy and completeness of PHI, before transfering that PHI as part of the patient transfer or discharge process.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280