Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
COMMUNITY HOSPITAL OF SAN BERNARDINO
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on August 7, 2012. Also cited in 46 other reports.
Report ID: 5ZKB11, California Department of Public Health
Reported Entity: COMMUNITY HOSPITAL OF SAN BERNARDINO
Issue:
Based on interview and record review, the facility failed to ensure that the emergency room (ER) clerk followed facility protocols in identifying a patient prior to entering them into the computer. This breach resulted in Patient A being treated under a former patient (Patient B's name), which had the potential for Patient A to be unable to fill the prescriptions written for her but using Patient B's name.FindingsOn 8/7/12 at 1:00 PM an unannounced visit was made to the general acute care hospital (GACH) to investigate a facility self-report of a possible breach.During an interview with the director of health information technology (HIT)/facility privacy officer(FPO), at 1:15 PM she stated, "On 7/13/12, Patient A [used her name] was in the ER and the triage nurse was putting her information into the computer. Three times she asked the child's grandmother if the name was correct , to which the grandmother said that it was. When the finance clerks went to access the insurance information they could not locate any under the name that had been registered. Patient A [used her name], was born 5/20/99 and Patient B was born 11/7/99. Both had the same last name and similar first names, with only one letter making them different. It was the clerks who were asking the grandmother about her insurance who discovered the error.'During a review of the clinical documents printed off of the computer by the FPO at 1:50 PM, it was evident that Patient B had not been a patient in the GACH since 2001. During the same review of documentation, the FPO shared the letter sent to the family of Patient B alerting them of the breach.A review of the prescription for Patient A upon discharge from the ER on 7/13/12, for Auralgan (numbs ear pain), Cortisporin otic drops (antibiotic for ear infection) and Motrin (anti-inflammatory for pain), indicated that they contained Patient B's name but the first name had been crossed off and Patient A's name handwritten above.A review of the policy and procedure (P&P) titled, "Patient Identification Policy" dated 11/89, number 2.0 indicated, "Prior to placing the identification name band, ask the patient or patient family's member to state his/her name." Number 5.0 of the same policy for clinical service areas instructed staff to "verify patient identification by checking patient's identification band. Confirm the patient's name and medical record number on the identification band."During interview with the FPO, she stated , "The employee did not follow the P&P and have the patient tell her what her name was, she just asked if that was her name and they sound very close."
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights