SAINT AGNES MEDICAL CENTER

Report ID: HQF911, California Department of Public Health

Reported Entity: SAINT AGNES MEDICAL CENTER

Issue:

Based on staff interview, clinical and administrative document review, the facility failed to keep Protected Health Information (PHI) confidential when: 1. Patient 1's credit card information and account number were on a document sent to another patient. (CA00365634)2. Patient 2's account number and credit card information was sent to the wrong patient. (CA00365635)These failures placed the PHI for Patient 1 and 2 at risk for possible unauthorized use.Findings:CA003656341. On 8/27/13 at 4:05 pm, during a telephone interview, Staff 1 (Privacy Officer) stated Patient 1's financial information including credit card information and medical account number was mailed to the wrong patient. Patient 1's PHI breached include: name, account number and credit card number.The Hospital's Policy and Procedure titled "Use and Disclosure of Protected Health Information", dated August 15, 2002, indicated "The Organization will have in place appropriate administrative, technical and physical safeguards to protect the privacy of Protected Health Information(PHI)." CA003656352. On 8/27/13 at 4:25 pm, during an interview, Staff 1 (Privacy Officer) stated Patient 2's PHI was mailed to the wrong patient. The accounting clerk put the document in the wrong envelope without double checking for correct Patient information.Patient 2's PHI breached included name, account number, social security number, and account balance. The Hospital's Policy and Procedure titled "Use and Disclosure of Protected Health Information", dated August 15, 2002, indicated "The Organization will have in place appropriate administrative, technical and physical safeguards to protect the privacy of Protected Health Information(PHI)."

Outcome:

Deficiency cited by the California Department of Public Health: Patients' Rights