Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
SHARP CHULA VISTA MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on May 15, 2014. Also cited in 46 other reports.
Report ID: G1R211, California Department of Public Health
Reported Entity: SHARP CHULA VISTA MEDICAL CENTER
Issue:
Based on interview and record review the hospital failed to ensure that employees maintained the confidentiality of protected health information (PHI) when a letter which contained Patient 1's medical information was inadvertently placed with paperwork for another patient and given to an outside vendor. Failure to protect PHI allowed the outside vendor unauthorized access to Patient 1's medical information which was not in accordance with the hospital's Health Information policy. Findings:An on site investigation of an entity reported privacy breach was initiated on 5/15/14 at 1:30 P.M. At 1:45 P.M., an interview and review of the disclosed medical information with the Utilization Review (UR) employee was conducted. The UR stated when the vendor arrived to the department, she had printed information for a patient who was being evaluated for lower level of care. She gathered her printed documents but did not verify the information given to the vendor. The UR stated in their department other departments use the same printer. Upon discovery, the vendor contacted the department to inform of the error in the receipt of Patient 1's documentation and returned the documentation. A review of the unauthorized disclosed documentation which included Patient 1's name, date of admission, a summary of diagnoses, medications and treatments. An interview with the Manager of Case Management and Social Services (MCMSS) was conducted on 5/15/14 at 1:55 P.M. The MCMSS stated the hospital provided training of Health Insurance Portability and Accountability Act (HIPAA-privacy law to protect certain health information). She stated it was an unfortunate accident and confirmed that several departments shared the same printer. The MCMSS acknowledged that the hospital's policy was not followed when Patient 1's PHI was inadvertently given to an outside vendor.The UR employee's failure to double check and validate the printed documents to confirm that the only documents prepared to provide to the outside vendor prior the distribution, resulted in the inadvertent and unauthorized release of protected health record information. This was also in violation of the patient's right to confidentiality of all communications and record pertaining to health care received at the hospital. A review of the hospital's policy titled Health Information- Access, Use And Disclosure was conducted on 5/15/14 at 2:00 P.M. The policy indicated "III. A. Commitment Statement: Sharp will disclose protected health information with authorization of the patient/legal representatives..."
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights