Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
SAINT AGNES MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on July 12, 2013. Also cited in 16 other reports.
Report ID: 5MHH11, California Department of Public Health
Reported Entity: SAINT AGNES MEDICAL CENTER
Issue:
Based on staff interview, clinical record, and administrative document review, the hospital failed to ensure confidential treatment of Patient 1-6's protected health information (PHI) when:1. Patient 1's PHI was faxed to a delicatessen and not the patient's healthcare provider. (CA00353815)2. Patient 2's PHI was given to a different patient. (CA00355186)3. Patient 3's PHI was verbally given to patient within the hearing of unauthorized persons. (CA00355188)4. Patient 4's PHI was given to Patient 5 and Patient 5's PHI was given to Patient 4. (CA00356168)5. Patient 6's PHI was mailed to a different patient. (CA00360395)This failure resulted in unauthorized access to Patient 1 - 6's PHI and the potential for abuse of that information.Findings:CA00353815:1. On 7/12/13 at 1:00 p.m., during an interview, the Compliance Coordinator (CC) stated on 5/1/13, a hospital employee Customer Service Representative (CSR) faxed Patient 1's PHI to a delicatessen rather than her healthcare provider. The CC stated the fax number should have been verified prior to the PHI being faxed but it was not.Patient 1's PHI breached included her name, date of birth, medical record number, admission date, discharge date, account number, physician, and lab results.The hospital's policy and procedure titled "Use and Disclosure of Protected Health Information" dated 9/15/11, indicated "The organization will have in place appropriate administrative, technical, and physical safeguards to protect the privacy of Protected Health Information (PHI)."CA00355186:2. On 7/12/13 at 1:15 p.m., during an interview, the CC stated on 5/13/13, Registered Nurse (RN)1 gave the PHI for Patient 2 to a different patient. The error occurred because the RN did not thoroughly check the paperwork prior to handing it to the patient. The CC stated patient paperwork should be checked to prior to giving it to the patient to ensure the correct patient receives it.Patient 2's PHI breached included her name, date of birth, medical record number, admission date, transfer date, physician, and medication.The hospital's policy and procedure titled "Use and Disclosure of Protected Health Information" dated 9/15/11, indicated "The organization will have in place appropriate administrative, technical, and physical safeguards to protect the privacy of Protected Health Information (PHI)."CA003551883. On 7/12/13 at 1:30 p.m., during an interview, the CC stated on 5/12/13, Licensed Social Worker (LSW) 1 verbally discussed Patient 3's PHI with Patient 3 within the hearing of family members without Patient 3's authorization. The CC stated that the information should not have been discussed in front of others without Patient 's permission.Patient 3's PHI breached included lab results.The hospital's policy and procedure titled "Use and Disclosure of Protected Health Information" dated 9/15/11, indicated "The organization will have in place appropriate administrative, technical, and physical safeguards to protect the privacy of Protected Health Information (PHI)."CA003561684. On 7/12/13 at 1:45 p.m., during an interview, the CC stated on 5/19/13 at 2:30 p.m., Registered Nurse (RN) 2 gave Patient 4's PHI to Patient 5 and Patient 5's PHI was given to Patient 4. The CC stated that all paperwork should be checked to ensure that the correct patient receives it.Patient 4 and Patient 5's PHI breached included their names, birth dates, sex, admit dates, physician, financial number and medical record number. The hospital's policy and procedure titled "Use and Disclosure of Protected Health Information" dated 9/15/11, indicated "The organization will have in place appropriate administrative, technical, and physical safeguards to protect the privacy of Protected Health Information (PHI)."CA003603955. On 7/12/13 at 2 p.m., during an interview, the CC stated on 6/13/13 a hospital Customer Service Representative (CSR) mailed Patient 6's PHI to the wrong patient. The CC stated the CSR should have verified Patient 6's address prior to mailing the PHI.Patient 6's PHI breached included her name, address, medical records number, date of service, and financial account information.The hospital's policy and procedure titled "Use and Disclosure of Protected Health Information" dated 9/15/11, indicated "The organization will have in place appropriate administrative, technical, and physical safeguards to protect the privacy of Protected Health Information (PHI)."
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights