Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
SHARP CHULA VISTA MEDICAL CENTER
Cited by the California Department of Public Health for violations of California’s Health and Safety Code relating to medical privacy during an inspection that began on June 7, 2012. Also cited in 46 other reports.
Report ID: FS7G11.02, California Department of Public Health
Reported Entity: SHARP CHULA VISTA MEDICAL CENTER
Issue:
Based on interview and record review, the hospital failed to safeguard protected health information (PHI) from unauthorized persons in accordance with their policies and procedures, for 1 of 1 sampled patients (Patient 1). Findings:On 4/26/12 at 3:28 P.M., the hospital reported to the Department that an unauthorized disclosure of patient information occurred when Patient 1's health information was found commingled with Patient 2's (wrong person) discharge paperwork.A review of Patient 1's medical record was conducted on 6/7/12 at 2:30 P.M. Patient 1 was admitted to the hospital's Emergency Department (ED) on 4/19/12 and was discharged the same day per the facesheet. Patient 1's discharge paperwork contained the following confidential patient information: full name, date of birth, age, full address, home phone number, name of medical insurance, listed chief complaint, diagnosis, home care instructions and list of medications.A review of Patient 2's medical record was conducted on 6/7/12 at 2:30 P.M. Patient 2 was admitted to the hospital's ED on 4/19/12 and was discharged on the same day per the facesheet.An interview with the licensed vocational nurse (LVN 1) was conducted on 6/7/12 at 2:45 P.M. LVN 1 acknowledged that he was informed that during the discharge process, Patient 1's discharge information was inadvertently disclosed to Patient 2. An interview with the Emergency Department Manager (EDM) was conducted on 6/7/12 at 3:00 P.M. The EDM acknowledged that Patient 1's ED discharge instructions and prescription information were disclosed to the wrong patient (Patient 2). She acknowledged that the hospital's policy related to health information access, use and disclosure was not implemented as written.A review of the hospital's policy entitled "Health Information: Minimum Necessary access, use and disclosure," current effect date of 7/11, was conducted. The policy indicated that the hospital staff shall take reasonable measures to limit each use and disclosure of protected health information (PHI) to the minimum amount necessary. Per the policy, it instructed hospital staff to disclose protected health information to the following:1) Health care providers who were involved in treating the patient or individual.2) The individual who was the subject of the information.3) Individuals with a valid authorization for use/disclosure.4) When the use or disclosure was in compliance with privacy regulations.5) The use and disclosure required by a court order or other laws.6) Disclosures to the Department for compliance or enforcement purposes.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights