ST MARY MEDICAL CENTER

Report ID: BOCP11.01, California Department of Public Health

Reported Entity: ST MARY MEDICAL CENTER

Issue:

Based on interview and record review, the facility failed to ensure the confidential treatment of protected health information (PHI) for Patient A, when a Healthy Beginning Bright Future employee (Employee 1) gave a copy of Patient A's laboratory result to Patient B. This failure resulted in a breach of Patient A's PHI.Findings:On September 30, 2014 at 3:30 PM, a phone interview was conducted with the manager of Accreditation and Risk Management (MARM) regarding an entity reported incident of a breach of PHI for Patient A, on September 18, 2014. A copy of Patient A's laboratory result was accidentally given to Patient B. Upon filling Patient A's lab result in the medical record, Employee 1 failed to follow the standard process by using two patient identifiers prior to handing the copies to Patient B. Patient A and Patient B had the same last name but first name and date of birth were different.During a review of the documentation for Patient A that had been disclosed to Patient B, the document contained Patient A's name, date of birth, medical record number, medical provider and laboratory values.A review of the facility's policy and procedure titled, Confidentiality Policy," not dated, indicated under section "A," "Employees are required to follow all policies and procedures...regarding use and disclosure of business and patient information...in order to ensure that business and patient information is safeguarded at all times." The failure of employee 1 to verify the documents belonged to the intended recipient, Patient B, resulted in the unauthorized release of Patient A's PHI.

Outcome:

Deficiency cited by the California Department of Public Health: Patients' Rights

Related Reports:

1 other violation reported on the same date. Note that other citations may be about the same event: TYJE11.01