Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
KAISER FOUNDATION HOSP SO SACRAMENTO
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on November 7, 2014. Also cited in 16 other reports.
Report ID: YUQH11.01, California Department of Public Health
Reported Entity: KAISER FOUNDATION HOSP SO SACRAMENTO
Issue:
Based on interviews, clinical record and document review, the facility failed to prevent the disclosure of protected health information (PHI; identifiable information about an individual's physical or mental health) when Patient 1's discharge instructions were inadvertently given to another patient upon discharge.Findings:During a review of the Admission Records/Facesheets for Patient 1 and Patient 2, both were seen at the Emergency Department (ED) on the same evening (10/5/13). After both patients were assessed and treated, the two were discharged home from the ED a few hours apart. Facility documentation revealed Patient 2 was "discharged from the ED with copies of both his discharge paperwork and that of [Patient 1]." Patient 1's discharge paperwork included the following PHI: the Patient 1's name, medical record number, chief complaint upon arrival to the Emergency Department, his physician's name and medications. In a concurrent interview with the Administration Manager (AM) and Administrative Services Supervisor (AS) on 11/7/14 at 12:15 p.m., the AM explained that the wrong patient's discharge paperwork was put in Patient 2's discharge packet inadvertently. In the ED, the AM said, there is an area called the "Discharge Lounge" where the clerks are handed the discharge paperwork from the nurses. The AS explained that the clerks were responsible for checking the discharge documentation to ensure the right patient receives the right paperwork. Despite request, the facility did not provide the Department with a written protocol or procedure utilized by facility staff for the identification and verification of its patients. A 2012 facility policy and procedure titled, "Obligation Regarding Confidentiality" noted, "Employees are required to protect confidential patient...information form unauthorized access, use or disclosure." The 2013 facility "Notice of Privacy Practices" given to each patient upon arrival to the hospital read, "By law, we must protect the privacy of your PHI..."
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280