HIPAA Helper »
ST BERNARDINE MEDICAL CENTER »
Jul 30, 2013

This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.

ST BERNARDINE MEDICAL CENTER

2101 N WATERMAN AVE SAN BERNARDINO,CA 92404

Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on July 30, 2013. Also cited in 41 other reports.

Report ID: OZP111.01, California Department of Public Health

Reported Entity: ST BERNARDINE MEDICAL CENTER

Issue:

Based on interview and record review, the facility failed to ensure the confidential treatment of protected health information (PHI) for Patient A when Patient B received discharge instructions for Patient A upon discharge from the emergency department (ED), resulting in a breach of Patient A's PHI, placing Patient A at risk for identity theft. FINDINGS:On February 26, 2013 at 10:00 AM, while at the facility, an interview was conducted with the facility privacy officer (FPO) to investigate an entity reported incident of a possible breach of Patient A's PHI.On July 30, 2013, a review was conducted of the entity reported incident. The Facility investigation was also reviewed which revealed that on October 28, 2012, during discharge from the Emergency Department (ED), Patient B was given Patient A's discharge instructions. Patient A's PHI which was given to Patient B without authorization included the following: The discharge form which is computer generated and titled: "Exit Care Patient Information," which included the nature of the patient's condition, patient name, name of facility, the time and date of visit, and the primary care giver seen in the ED.On August 14, 2013, at 12:45 PM, during a phone interview with the facility privacy officer who confirmed the incident, she stated that she could provide no additional information as to how this incident had occurred. She further stated that this incident was due to a human error.The Facility failed to protect patient rights regarding maintaining the privacy and confidentiality of patient PHI, which resulted in Patient A being placed at risk of identity theft, when Patient A's PHI was given to an unauthorized recipient.

Outcome:

Deficiency cited by the California Department of Public Health: Patients' Rights

Related Reports:

2 other violations reported on the same date. Note that other citations may be about the same event: 0NXD11.01, VIVR11.01

Do you believe your privacy has been violated? Here’s what you can do: