Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
ST MARY MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on June 5, 2015. Also cited in 55 other reports.
Report ID: GHVO11, California Department of Public Health
Reported Entity: ST MARY MEDICAL CENTER
Issue:
Based on interview and record review, the facility failed to protect the confidential, protected health information (PHI) for Patient A, when a copy of Patient A ' s x-ray report was given to Patient B, which resulted in the unauthorized release of Patient A ' s PHI. FINDINGS:On September 30, 2014, at 9:15 AM, a phone interview was conducted with the facility Manager of Accreditation /Risk Manager (MARM) to investigate the entity reported incident of a breach of Patient A ' s PHI. On June 5, 2015, at 4:30 PM, a review of the entity reported incident was conducted. The facility PHI Breach Report was also reviewed, which revealed that on April 7, 2014, Patient B entered the emergency department to obtain a copy of an x-ray (mammogram). The machine used to copy x-rays was not working. Patient B became upset and began to leave the facility. Employee 1 believed she was handing a copy of the consent Patient B had just signed requesting a copy of his x-ray, however, she handed Patient A ' s mammogram report to Patient B. Patient A ' s PHI (x-ray report) which was given to Patient B without authorization included the following. Patient name, sex, date of birth, menstral history, childbirth history, and breast surgery history. On June 5, 2015, Employee 1 ' s personnel file was reviewed. Employee 1 had received confidentiality, privacy, and HIPPA, training on June 20, 2011, August 15, 2012, April 1, 2013, and on April 16, 2014. On June 5, 2015, at 4:30 PM, a phone interview was conducted with the facility MARM. The MARM stated that Employee 1 had got flustered because Patient B was upset that Patient B could not have a copy of a recent x-ray and stated that he would go to another facility to have the test done again. As Patient B was leaving the facility, Employee 1 handed what she thought was Patient B ' s consent for the copy of the x-ray to him, but in error Employee 1 handed Patient A ' s x-ray report to Patient B. The facility failed to protect patient rights regarding maintaining the privacy and confidentiality of patient (PHI), which resulted in Patient A being placed at risk of identity theft, when an x-ray report containing Patient A ' s PHI was given to Patient B without authorization.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights