Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
Scripps Mercy Hospital
Cited by the California Department of Public Health for violations of California’s Health and Safety Code relating to medical privacy during an inspection that began on June 1, 2012. Also cited in 72 other reports.
Report ID: R8FP11.02, California Department of Public Health
Reported Entity: SCRIPPS MERCY HOSPITAL
Issue:
Based on interview and record review, the hospital failed to safeguard protected health information (PHI) from unauthorized persons in accordance with their policies and procedures, for 1 of 1 sampled patients (Patient 1). Findings:On 4/19/12 at 4:34 P.M., the hospital reported to the Department that an unauthorized disclosure of patient information occurred when a facesheet was found commingled with Patient 2's (wrong patient) discharge paperwork.A review of Patient 1's medical record was conducted on 6/1/12 at 2:15 P.M. Patient 1 was admitted to the hospital's Emergency Department on 4/15/12 at 11:53 P.M. per the Facesheet. Patient 1's Facesheet contained the following confidential patient information: name, medical record number, account number, admission date, date of birth, physician name, diagnosis, sex, age, marital status, race, social security number, address, phone number and insurance information.A review of Patient 2's medical record was conducted on 6/1/15 at 2:15 P.M. Patient 2 was admitted to the hospital's Emergency on 4/16/12 at 12:48 A.M. per the Facesheet.An interview with Registered Nurse (RN) 1 was conducted on 6/20/12 at 7:30 A.M. RN 1 stated that he did not recall discharging Patient 2. He stated that during the discharge process, the discharge paperwork was printed by the RN, each page was double checked and reviewed with the patient. He stated that he did not know that Patient 1's Facesheet was commingled with Patient 2's discharge paperwork.A review of the hospital's policy and procedure entitled "Health Information, Access, Use and Disclosures," effective date of 2/12, was conducted. The policy indicated that the hospital shall access use and disclose protected health information with authorization of patient/legal representatives and in accordance with mandated state and federal disclosure requirements. Per the same policy, it indicated that "All personnel providing services within the (hospital name) organization to include but not limited to employees, volunteers, physicians, Allied Health Professionals, students and contracted and affiliated business associates are responsible for: 1. Awareness of this policy and it's requirements for protecting patient health information from unauthorized access, use or disclosure." An interview with the clinical risk specialist (CRS) was conducted on 6/20/12 at 7:40 A.M. She acknowledged that an unauthorized disclosure occurred when Patient 1's Facesheet was found commingled with Patient 2's discharge paperwork.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights