Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
Scripps Mercy Hospital
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on November 8, 2013. Also cited in 72 other reports.
Report ID: 4DYJ11, California Department of Public Health
Reported Entity: SCRIPPS MERCY HOSPITAL
Issue:
Based on interview and document review, the hospital failed to ensure that Patient 2's personal and protected health information (PHI) was kept confidential, when a health care worker gave Patient 2's radiology report to Patient 1 on discharge. As a result of this failure, Patient 1 had access to Patient 2's personal information. Findings:An on site investigation of an entity reported privacy breach was initiated on 11/8/13. It was reported to the California Department of Public Health that, on 9/28/13, that an unauthorized and inadvertent disclosure of Patient 2's ultrasound report was given to another patient (Patient 1) on discharge from the hospital.On 11/8/13 at 1:45 P.M., an interview was conducted with the clinical risk specialist (CRS) 1. The CRS 1 stated that Patient 1 and Patient 2 shared the same hospital room during their stay at the hospital. Patient 1 was discharged on 9/28/13, with discharge instructions and Patient 2's ultrasound report. This report included Patient 1's name, date of service, reason and type of procedure, findings, conclusion, medical record number, account number, date of birth, age, gender and the attending physician's name. The CRS 1 further stated, that Patient 1 contacted the hospital on 9/28/13, to make them aware he received Patient 2's ultrasound report. Patient 1 stated that when he realized it was not his report, that he stopped reading it and shredded the document. CRS 1 stated that licensed nurse (LN) 2 was the nurse assigned to both Patient 1 and Patient 2, and did Patient 1's discharge from the hospital. LN 2 had received the physician's order to discharge Patient 1 and; was to include a copy of his CT scan (A computed tomography [a test that makes detailed pictures of structures inside the body]) and gallbladder US (ultrasound [machine that creates images that allow various organs in the body to be examined]). LN 2 was "toggling" between Patient 1 and Patient 2's medical record in the computer when LN 2 printed Patient 2's ultrasound report and included it with Patient 1's discharge paperwork. A review of the hospital's policy and procedure, entitled "Health Information, Access, Use and Disclosure", dated 9/24/13, indicated "Policy: ... 3. Category III: Disclosure Requiring Authorization from the Patient/legal Representative a. Disclosure of Protected health Information for any reason... requires patient/legal representative authorization." The nursing staff's failure to check the record to validate the patient's name prior to the release of the document, resulted to the inadvertent and unauthorized release of protected health record information. This was also in violation of the patient's right to confidentiality of all communications and record pertaining to health care received at the hospital.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights