Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
SHARP CHULA VISTA MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on August 7, 2013. Also cited in 46 other reports.
Report ID: EAZF11.01, California Department of Public Health
Reported Entity: SHARP CHULA VISTA MEDICAL CENTER
Issue:
Based on interview, document and record review the hospital failed to ensure that one patient's (Patient A) personal and protected health information (PHI) was kept confidential and not disclosed to 16 skilled nursing facilities without Patient A's prior authorization.Findings:An on site investigation of an entity reported privacy breach was initiated on 8/7/13 at 4:00 P.M. At that time, an interview was conducted with the Manager of Patient Relations and Risk management (MPR). The MPR explained that on 7/22/13 a Registered Nurse Case Manager (RN 1) inadvertently electronically transmitted Patient A's admission History and Physical, dated 7/15/13, to 16 skilled nursing facilities while she was working on the skilled nursing home referral request process for another patient (Patient B). A review of Patient A's History and Physical indicated that the document contained the following personal and protected health information (PHI):1. Patient's Name2. Medical Record Number3. Date of Admission4. Date of Birth5. Gender6. Primary Care Physician7. Chief Complaint8. History of Present Illness9. Past Medical History10. Medications11. Review of Systems12. Physical Examination13. Laboratory Data14. Physician Assessment15. Medical PlanA review of the hospital's policy and procedure, entitled "Confidentiality of Information" and dated 8/12, indicated that "Safeguarding of Information: Sensitive information collected and/or generated within [name of hospital] shall be maintained in such a manner that access to it is restricted to those with a need to know. Information will be restricted to those with a legal right under authorization, those participating in treatment, payment, healthcare operations and as mandated by state and federal laws in accordance with [name of hospital] policies."On 11/15/13 at 2:45 P.M., an interview was conducted with RN 1. RN 1 stated that on 7/22/13 she was working on skilled nursing facility placement for Patient B. Rn 1 got interrupted by a phone call regarding the discharge preparations for Patient A. After the phone call, RN 1 inadvertently electronically transmitted Patient B's History and Physical to 19 skilled nursing facilities. It was later verified that 16 of the skilled nursing facilities viewed Patient B's History and Physical. An interview was conducted with the Manager of Case Management and Social Services on 11/15/13 at 3:00 P.M. The Manager stated that it was her expectation that the RN Case Managers would open all attachments and check the patient's name and account number prior to sending an electronic transmittal of the document.During the interview with RN 1. RN 1 stated that she did not double check for Patient A's name on the History and Physical prior to transmitting Patient B's History and Physical. RN 1 acknowledged that she was not following hospital policy and procedure by not safeguarding Patient B's personal and protected health information.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights