ST MARY MEDICAL CENTER

Report ID: GRGH11, California Department of Public Health

Reported Entity: ST MARY MEDICAL CENTER

Issue:

Based on interview and record review, the facility failed to ensure the confidential treatment of protected health information (PHI) for Patient A, when a telemetry Registered Nurse (RN 1) gave Patient A's PHI to Patient B instead of the intended recipient. This failure resulted in an unauthorized release of PHI for Patient A.Finding:On November 10, 2014 at 2:40 PM, a phone interview was conducted with Risk Management Accreditation Manager (RMAM) regarding the entity reported incident of a breach of PHI for Patient A which was detected on September 26, 2014. The RMAM stated, "The telemetry nurse (RN 1) tried to help with the discharge process and although she went through each paper individually to ensure all information had the correct PHI for the patient it did not end up that way."During a review of the documentation of the PHI given to the wrong recipient, the information provided to Patient B included: Patient A's name, date of birth, medical record number, medical account number, age, sex, date of service, and discharge information.A review of the facility's policy and procedure titled, "Confidentiality Policy," dated January 24, 2012 indicated: "The employee will follow all (name of corporation's) policies and procedures and the (name of corporation) Standards of Conduct and take all precautions to prevent any intentional or unintentional use or disclosure of any trade secrets or confidential information about the (name of corporation) its employees, and its programs." The failure to ensure the correct patient information was given to the right recipient resulted in the unauthorized release of Patient A's PHI to an unintended third party, Patient B.

Outcome:

Deficiency cited by the California Department of Public Health: Patients' Rights