Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
MARIN GENERAL HOSPITAL
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on August 13, 2013. Also cited in 63 other reports.
Report ID: S2W611.01, California Department of Public Health
Reported Entity: MARIN GENERAL HOSPITAL
Issue:
Based on interview and record review, the facility failed to prevent unauthorized access and disclosure of Patient 1's protected health information, when laboratory results for Patient 1 were faxed to the wrong physician. This failure allowed the unlawful or unauthorized access of protected health information.Findings:The California Department of Public Health was notified on 7/30/13 that a breach of protected health information occurred on 7/26/13.During an interview on 8/13/13 at 2:45 p.m., Administrative Staff A stated that he received notification from Unlicensed Staff C on 7/26/13, that she had received a phone call from Physician D's office indicating that he had been faxed Patient 1's protected health information in error. During an interview on 8/13/13 at 2:45 p.m., Administrative Staff A also stated that Unlicensed Staff B had entered Physician D as the ordering physician instead of Patient 1's Physician, therefore the laboratory results had been sent to, the wrong doctor, Physician D. The protected health information included Patient 1's name, date of birth, medical record number, account number, all care provider's names, and lab results.During an interview on 8/13/13 at 2:45 p.m., Administrative Staff A further stated that it was an error in not following policy and procedure, on the part of Unlicensed Staff B, in that both Physician D and Patient 1's Physician had the same last names and Unlicensed Staff B did not double check the first name.A review of the facility Policy and Procedure for, "Transcription Business Rules" (9/25/12 ), reveals the following: "Rule 1. FOOTERS - cc listings: ALWAYS CHECK FACILITY ROSTER FIRST ...a. If only last name is given consult the latest Facility Staff Roster as your first point of reference: *If only one physician is found on the roster by the given last name, then go to Alt C and select that physicians name. If there is more than one doctor on the roster with the same last name, or one with a close sounding name and you are unsure what is being dictated, then create a new contact for the name given and upload...b. If first and last name is given, verify the physician name in the facility Roster first. The name must be identical. Then search the edit script database for the doctor to be CC'd". A review of the facility Policy and Procedure for, "CONFIDENTIALITY AND NON-DISCLOSURE AGREEMENT" (no date), reveals the following: "Obligations Regarding Confidentiality Patient health and facility organizational information is protected by law and by facility policies. The intent of these laws and policies is to assure that confidentiality of information is maintained while used for business and clinical operations."
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280