Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
Mercy Medical Center
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on July 12, 2013. Also cited in 34 other reports.
Report ID: RWNR11.01, California Department of Public Health
Reported Entity: MERCY MEDICAL CENTER
Issue:
Based on staff interview, clinical record, and administrative document review, the hospital failed to keep Protected Health Information (PHI) confidential when: 1. the lab slip in the General Medical Clinic for Patient 1 had Patient 2's identification sticker on it. 2. Patient 3's transfer packet from the emergency room contained two of Patient 4's forms. This failure resulted in a breach of Patient 2 and Patient 4's right to confidential treatment of PHI and possibly unauthorized use.Findings:For ERI CA003190101. On 7/12/13 at 1:15 p.m., during an interview, the hospital privacy officer stated the Licensed Vocational Nurse (LVN) put the wrong patient identification sticker on Patient 1's General Medical Clinic lab slip. Patient 2's identification sticker on the lab slip contained PHI breached information which included personal information: patient's full name, date of birth, service account number and medical record number. The hospital's policy titled "Information Management" was implemented 12/09. Under, "I. POLICY: It is the policy of (the hospital) to comply with state and federal regulations regarding safeguarding of physical and electronic form of Protected Health Information (PHI). Staff shall provide appropriate access to its information based on a need-to-know basis while preserving its confidential integrity..." For ERI CA00324392 1. On 7/12/13 at 11:15 a.m., during an interview, the hospital privacy officer stated two of Patient 4's forms were placed in Patient 3's transfer envelope.Patient 4's forms contained PHI breached information which included personal information: patient's full name, date of birth, address, telephone number, diagnosis, service account number, and medical record number. The hospital's policy titled "Information Management" was implemented 12/09. Under, "I. POLICY: It is the policy of (the hospital) to comply with state and federal regulations regarding safeguarding of physical and electronic form of Protected Health Information (PHI). Staff shall provide appropriate access to its information based on a need-to-know basis while preserving its confidential integrity..."
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights