Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
ST. HELENA HOSPITAL CENTER FOR BEHAVIORAL HEALTH
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on October 30, 2012. Also cited in 13 other reports.
Report ID: G08X11, California Department of Public Health
Reported Entity: ST. HELENA HOSPITAL CENTER FOR BEHAVIORAL HEALTH
Issue:
Based on interview and document review, the hospital failed to prevent unauthorized access to one patient ' s protected health information (PHI).Findings:In interview on 10/30/12 at 9:45 am, Staff A stated she learned on 7/7/11 that on 7/6/11, Patient 1 complained that information about her condition was given to an unauthorized person. Patient 1 stated that Staff B told Patient 1's mother that Patient 1 was sleeping and was taking Ativan, a medication used to reduce anxiety. Patient 1 stated that she had not given the hospital permission to discuss her personal medical information over the phone with callers.Review of Patient 1's record on 10/30/12 demonstrated that on admission, she had signed the patient consent for release of information form on 7/4/11. She had checked the box for "want the following persons only notified of my admission." She did not check the box for "want the following persons notified of my admission and given information regarding my care." She listed her mother and sister as the only people who could be notified of her admission.In interview on 10/30/12 at 10:30 am, Staff C stated that Staff B (not available for interview) told her that she had checked the release of information sheet and believed that it was all right to tell Patient 1's mother that Patient 1 had requested something for anxiety and was sleeping.Review of the medical record on 10/30/12 demonstrated that Patient 1 had been admitted as a suicide threat, had a high blood alcohol level, and had been diagnosed with bipolar disorder. None of that information was released to her mother.Document review on 10/30/12 demonstrated that patients have the right to request restrictions on certain use and disclosure of PHI and restrictions on the information that may be released to family or friends.Patient 1 was notified on 7/7/11 that her PHI had been breached. The Department was notified on 7/11/11, within 5 business days of discovery.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280