Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
ST MARY MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on November 17, 2014. Also cited in 55 other reports.
Report ID: 1JSO11.01, California Department of Public Health
Reported Entity: ST MARY MEDICAL CENTER
Issue:
Based on interview and record review the facility failed to ensure the confidential treatment of Patient A's protected health information (PHI) when a Patient Care Coordinator assembled Patient B's chart and included Patient A's lab requisition and medication reconciliation forms in preparation for her April 18, 2014 visit. The error was discovered on May 29, 2014 during a subsequent visit.Findings:On December 9, 2014 at 10:35 AM, a phone interview was conducted with Employee 1 and the Risk Manager (RM) regarding an entity reported incident of a breach of PHI for Patient A, detected on May 29, 2014. Employee 1 stated that on April 18, 2014 while accessing Patient B's medical information in "MediTech", she found the correct patient and verified the DOB. However, she must have hit the button on the computer too many times and another patient with the same name was brought up. She then selected the wrong patient, and printed the wrong information which was then added to the chart.The RM stated Patient A was notified of the breach of PHI.During a review of the documentation, copies of the lab requisition and medication reconciliation forms for Patient A were reviewed. The PHI disclosed were the patient name, DOB, age, labs ordered, medication regime, and allergies.A copy of the certified letter sent to Patient A dated June 4, 2014 informing her about the breach of PHI was reviewed.Employee A's training and educational documents were noted; Confidentiality Agreement signed and dated 4/11/13, General Orientation Verification, and Education Transcripts. A copy of the Employee Disciplinary Form reflecting a verbal warning was signed and dated by Employee 1 on 6/3/2014.A review of Actions Taken / System Changes included a review and reminder of the importance of using 2 patient identifiers during chart preparation. All front office staff were retrained during an inservice on 7/2/14. A copy of the training and those in attendance were reviewed.A review of the facility's policy and procedure titled "Confidentiality Policy" dated 1/22/14 reflects, "The employee will follow all SJHS Ministry policies and procedures and the SJHS Standards of Conduct, and will take all precautions to prevent any intentional or unintentional use or disclosure of patient health information without the signed authorization of the patient".The facility failed to ensure the correct patient information was printed from the computer and added to the correct chart resulting in an unauthorized release of Patient A's PHI.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights