Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
Mercy Medical Center
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on September 20, 2013. Also cited in 34 other reports.
Report ID: 5FD511, California Department of Public Health
Reported Entity: MERCY MEDICAL CENTER
Issue:
Based on staff interview, clinical record review and administrative document review, the hospital failed to ensure confidential treatment of Patient 1 and 2's protected health information (PHI) when Patient 1 and 2's PHI was faxed to a private residence instead of a nursing home.This failure resulted in unauthorized access to Patient 1 and 2's PHI and the potential for abuse of that information.Findings:On 9/20/2013 at 1 p.m., during a telephone interview, the Director of Medical Records (DMR) stated on 8/25/13, a hospital employee (RN Case Manager) faxed Patient 1 and 2's PHI to a private residence instead of the intended nursing home. The DMR stated the fax number should have been verified prior to the PHI being faxed but it was not.Patient 1's PHI breached included 22 pages of her medical record which contained: name, address, account number, medical record number, telephone number, relative's address and telephone number, insurance company and policy number, medical condition, treatment records, and lab results.Patient 2's PHI breached included 9 pages of his medical record which contained: name, address, account number, medical record number, telephone number, relative's address and telephone number, insurance company and policy number, medical condition, treatment records, and lab results.The hospital's policy and procedure titled "(HIPAA Regulation, Release of information in accordance with State and Federal" dated 10/12, indicated "It is the responsibility of the hospital to safeguard the integrity of content and the physical property of the patient chart, both paper and electronic, against loss, defacement, tampering or use by unauthorized individuals."The hospital's policy and procedure titled "Protected Health Information and sensitive information, safeguarding of" dated 12/09, indicated . . ."When faxing PHI or Sensitive Information make sure to confirm the fax number is approved to receive such information. . ."When manually entering a fax number, visually verify the correct fax number is being entered before sending."
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights