Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
Scripps Mercy Hospital
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on August 9, 2012. Also cited in 72 other reports.
Report ID: Z8WN11.01, California Department of Public Health
Reported Entity: SCRIPPS MERCY HOSPITAL
Issue:
Based on interview, document and record review, the hospital failed to ensure that one patient's (Patient A) personal and protected health information (PHI) was kept confidential and not disclosed to another patient (Patient B), without Patient A's authorization.Findings:Patient A and Patient B were both treated in the hospital's Emergency Department (ED) during the day on 7/24/12. Patient A and Patient B were discharged from the ED within five minutes of each other.An interview was conducted on 8/16/12, at 3:00 P.M. with the ED Registered Nurse (RN 1) assigned to prepare both patients for discharge. RN 1 stated that in the afternoon of 7/24/12, she printed out Patient B's discharge paper work. She grabbed all the papers from the printer and stapled them together. Then, RN 1 went in to Patient B's room and went over a few pages with Patient B but she did not check every page to verify that they all the paper work belonged to Patient B. RN 1 had stapled Patient A's ED Discharge Medication List to Patient B's paperwork. The Discharge Medication List contained the follow personal and PHI of Patient A:1. Patient's Name2. Name of Physician3. Date of ED Visit4. Age5. Date of Birth6. Account Number7. Medical Record Number:8. List of Current medications9. Discharge Medication with InstructionsA review of the hospital's policy and procedure, entitled "Confidentiality of Information" Patient, Financial, Employee, and Other Sensitive and Proprietary Information" and dated 11/10, indicated that "It is the responsibility of every [hospital name] employee...having access to [hospital name] information to follow all of the [hospital name] policies and procedures and to safeguard all Confidential information."During the interview, RN 1 acknowledged that she was not following hospital policy and procedure when she did not apply reasonable safeguards to protect disclosure of Patient A's health information.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights