ST MARY MEDICAL CENTER

Report ID: W18911.01, California Department of Public Health

Reported Entity: ST MARY MEDICAL CENTER

Issue:

Based on interview and record review, the facility failed to notify the California Department of Public Health (CDPH) within the required five business days upon discovery that Patient A's e-MAR (electronic Medication Administration Record), and Patient B's consult order were commingled with Patient C's medical information being sent to an outside facility. This had the potential for a delay in the investigation of this breach of Patients'A and B's protected health information (PHI)>Finding:During an interview with the Risk Management Data Analyst on July 11, 2014 at 2:00 PM, the Analyst verified that the facility did not notify CDPH within the required five business day timeframe upon discovery of a breach. The Analyst was not aware of why there was a delay in notification to CDPH.During record review it was noted that Patient C was transferred from the facility to another general acute care hospital (GACH 2) on June 18, 2013. GACH 2 notified the facility (GACH 1) on August 13, 2013, that there were other patient's PHI included in Patient C's medical informationt they had received. Included with Patient C's medical information was Patient A's e-MAR (electronic medication administration form), and Patient B's consult order. The notification of the breach from the facility to CDPH did not occur until August 27, 2013, ten (10) business days later.During a review of the facility's Policy and Procedure titled, "California Reporting Notification Requirements," dated July 19, 2013, the policy indicated "...[name of corporation]will provide written notice to CDPH within five business days after the unauthorized access."

Outcome:

Deficiency cited by the California Department of Public Health: HSC Section 1279

Related Reports:

The report containing this deficiency also includes information about 1 other violation. Note that these may be related to the same event: W18911.02