This database was last updated in December 2015 and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.

Scripps Mercy Hospital

4077 5TH AVE, SAN DIEGO, CA 92103

Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on August 9, 2013. Also cited in 72 other reports.


Report ID: 4T5W11, California Department of Public Health

Reported Entity: SCRIPPS MERCY HOSPITAL

Issue:

Based on interview, document and record review the hospital failed to ensure that one patient's (Patient A) personal and protected health information (PHI) was kept confidential and not disclosed to the resident of a private home without Patient A's prior authorization.

Findings:

An on site initiation of an entity reported privacy breach was conducted on 8/9/13 at 11:30 A.M. At that time, an interview was conducted with the hospital's Clinical Risk Specialist (CRS). The CRS stated that on 7/16/13 a Certified Nursing Assistant (CNA) was working at the front desk of the 11th floor nursing unit. The CNA received a phone call from an unidentified source stating that she had received a facsimile transmittal (fax) at her home containing three pages of medication treatment information for Patient A. The fax number at the private home ended in the last four digits 8835. The CRS explained that the fax was intended to be sent to a local pharmacy whose fax number ended in the last four digits of 8855.

On 9/17/13 at 3:40 P.M., an interview was conducted with the Unit Secretary (US) of the 11th floor nursing unit who was responsible for sending the fax. The US stated that on 7/15/13, she was asked to fax a prescription to a pharmacy for a patient being discharged (Patient A). A Registered Nurse prepared the fax cover letter. The correct fax number was on the cover letter. The US stated that when she sent the fax transmittal she inadvertently transposed one of the ten digit numbers.

A review of the three page medication treatment information revealed that the personal and protected health information that was inadvertently faxed to a private individual contained the following:

1. Patient's Name
2. Date of Birth
3. Age
4. Sex
5. Account Number
6. Medical Record Number
7. Physician's Name
8. Prescriptions for Three Medications

During the interview with the US, the US explained that the hospital's expectation is that, when faxing personal and PHI, the sender should:

1. Double check the fax number before hitting the "send" button.
2. Place a call to the intended recipient to confirm receipt.
3. Print a fax journal to confirm the fax number that the document was sent to.

The US acknowledged that she did not perform any of the three steps to safeguard the fax transmittal. The US acknowledged that she was not following hospital's policy and procedure.

Outcome:

Deficiency cited by the California Department of Public Health: Patients' Rights

Do you believe your privacy has been violated? Here’s what you can do: