Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
Scripps Mercy Hospital
Cited by the California Department of Public Health for violations of California’s Health and Safety Code relating to medical privacy during an inspection that began on September 30, 2013. Also cited in 72 other reports.
Report ID: O0N211.03, California Department of Public Health
Reported Entity: SCRIPPS MERCY HOSPITAL
Issue:
Based on interview and record review, the hospital failed to safeguard protected health information (PHI- is any information about health status, provision of health care, or payment for health care that can be linked to a specific individual) from unauthorized person(s) in accordance with their policies and procedures, for 1 of 2 sampled patient (2). Patient 2's placenta and its container were given to the wrong patient. The container had a patient label that contained the following confidential patient information: patient's name, medical record number, date of birth, date of admission, account number, and physician's name.Failure to follow the hospital's policy related to health information disclosures and release of a placenta to the patient, led to the inadvertent and unauthorized disclosure of Patient 2's confidential and protected health information. Findings:Patient 1 was admitted to the hospital on 6/29/13 for childbirth per the Facesheet. Patient 2 was admitted to the hospital on 6/29/13 for childbirth per the Facesheet.On 7/3/13 at 11:07 A.M., Patient 1 requested in writing the release of her placenta. At 11:40 A.M., a placenta was released to Patient 1.On 9/20/13 at 3:16 P.M., the hospital reported to the Department of Public Health that Patient 1 contacted the hospital on 9/13/13. Patient 1 informed them she removed the placenta from her freezer and identified that her name was not on the patient label that was located on the outside of the container that held the placenta. Patient 1 said that the patient label had Patient 2's name on it. A phone and joint record review with Registered Nurse (RN 1) was conducted on 5/14/15 at 1:05 P.M. RN 1 stated that she ensured that all the documents were completed and released a placenta to Patient 1 per her request. RN 1 stated that she did not validate that the name on the patient label located on the outside of container holding the placenta was the same name as the patient receiving it. RN 1 confirmed that the patient label (located outside of the placenta container) contained the following patient information: patient's name, medical record number, date of birth, date of admission, account number and physician's name. She explained that usually the patient's identification band was checked but in this case, any form of identification should have been checked prior to releasing the placenta to the patient. She acknowledged that she gave Patient 1 the wrong placenta. According to the hospital's policy titled "Placenta, Release to Patient", dated 10/15/12, the policy's purpose was to establish requirements and a process for the release of the placenta to the patient. The policy stipulated to "Verify identification on the placenta container with the patient identification band."According to the hospital's policy titled "Health Information, Access, Use and Disclosures", dated 9/30/13, the policy indicated that the hospital shall access use and disclose protected health information with authorization of patient/legal representatives and in accordance with mandated state and federal disclosure requirements. Per the same policy, it indicated that "All personnel providing services within the (hospital name) organization to include but not limited to employees, volunteers, physicians, Allied Health Professionals, students and contracted and affiliated business associates are responsible for: 1. Awareness of this policy and it's requirements for protecting patient health information from unauthorized access, use or disclosure...."A phone interview with the Labor and Delivery Nurse Manager (LDNM) was conducted on 5/14/15 at 1:36 P.M. The LDNM acknowledged that RN 1 should have checked or verified the identification on the placenta container with the identification of the patient receiving the placenta. A phone interview with the Clinical Risk Specialist (CRS) was conducted on 5/14/15 at 1:45 P.M. The CRS acknowledged that Patient 2's confidential patient information was inadvertently disclosed to Patient 1 which was not in accordance with the hospital's policy.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights