Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
SALINAS VALLEY MEMORIAL HOSPITAL
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on November 13, 2014. Also cited in 14 other reports.
Report ID: PXRO11.01, California Department of Public Health
Reported Entity: SALINAS VALLEY MEMORIAL HOSPITAL
Issue:
Based on interview and record review, the hospital failed to prevent the unauthorized disclosure of patient health information (PHI) for one of two sampled patients (1), when a portion of Patient 1's discharge paperwork containing PHI was inadvertently given to Patient 2 upon her discharge. This failure resulted in the disclosure of Patient 1's PHI to an unauthorized individual. Findings:The California Department of Public Health received a faxed report on 8/15/14, which indicated on 8/12/14 Patient 2 telephoned the hospital to notify them upon discharge, she had received Patient 1's demographic data, social security number, insurance information, and medical profile.During an interview on 11/13/14 at 2:40 p.m., the interim privacy officer (PO) stated on 8/11/14 (faxed report indicated 8/12/14) Patient 2 called the hospital saying, upon discharge on 7/28/14, she had received Patient 1's test results, but she did not notice she had Patient 1's paperwork until 8/11/14.During an interview on 11/13/14 at 3:30 p.m., a staff secretary (HDS) stated Patient 2 had telephoned the hospital on 8/11/14 (faxed report indicated 8/12/14) and informed HDS, when Patient 2 was discharged on 7/28/14, her discharge packet contained a portion of records for Patient 1, but Patient 2 did not notice until two weeks later. HDS stated Patient 2 told her there were test results for Patient 1 included in Patient 2's discharge paperwork. HDS stated she had opened the envelope containing seven pages of Patient 1's paperwork, which Patient 2 had mailed to the hospital.A review of a copy of a letter from the hospital to Patient 1 indicated, on 7/28/14 a copy of Patient 1's Patient Health Summary and Discharge Instructions were inadvertently included in Patient 2's discharge packet. The letter also indicated Patient 1's summary of medical information, demographic information, discharge instructions, and insurance information, which included Patient 1's social security number, were disclosed to Patient 2.A review of a copy of Patient 1's Patient Health Summary and discharge instructions, dated 7/28/14, which had been included with Patient 2's discharge paperwork, disclosed Patient 1's name, address and telephone number, sex, marital status, date of birth, medical record number, family member's name, hospital name, a list of Patient 1's physicians, a list of insurance companies and policy numbers, medical information which included medications, procedures, functional status, laboratory test results, diagnosis, and discharge instructions including a planned surgery.A review of a copy of the hospital's 4/2/14 "Uses and Disclosures of Protected Health Information - General Rule" policy indicated PHI may be provided only for: the provision of patient care, billing of patient care, or research. PHI is limited only to individuals who need the information to carry out patient care duties.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280