Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
SHARP CORONADO HOSPITAL AND HLTHCR CTR
Cited by the California Department of Public Health for violations of California’s Health and Safety Code relating to medical privacy during an inspection that began on January 11, 2013. Also cited in 18 other reports.
Report ID: Z0HO11.02, California Department of Public Health
Reported Entity: SHARP CORONADO HOSPITAL AND HLTHCR CTR
Issue:
Based on interview and record review, the hospital failed to safeguard protected health information (PHI - is any information about health status, provision of health care, or payment for health care that can be linked to a specific individual) from unauthorized persons in accordance with their policies and procedures, for 1 of 1 sampled patients (Patient 1). Patient 1's medications that's regularly refilled by the hospital was inadvertently delivered to the wrong patient (Patient 2).Findings:On 11/30/12 at 3:15 P.M., the hospital reported to the Department that an unauthorized disclosure occurred when Patient 1's medications were delivered to the wrong patient.On 1/11/13 at 4:00 P.M., a tour of the hospital's retail pharmacy was conducted with the pharmacy manager (PM 1). During the tour, a pharmacy technician (PT 1) was interviewed at 4:05 P.M. PT 1 explained the the pharmacy process prior to a general delivery of patients' medications. She stated that the patient's Packing List (invoice) was generated by choosing the patient's name in their system. She stated that once the invoice was generated, it was reconciled with the receipts to ensure the correct medications were going to the right patient. A review of Patient 1's medication receipts was conducted on 1/11/13. The receipts contained the following confidential patient information: patient's name, date of birth, address, telephone number, name of medications and directions for use.A review of Patient 2's invoice was conducted on 1/11/13. The invoice contained Patient 2's name and address. An interview was conducted with the pharmacy courier (PC 1) on 1/11/13, at 4:45 P.M. PC 1 stated that he delivered Patient 1's medications along with her receipts to another patient. He stated that during the reconciliation phase of their process to ensure that the correct patient received the right delivery of medications, he mixed up Patient 1's and Patient 2's names. He stated that a Packing List (invoice) was printed with Patient 2's name and information when it should have been Patient 1's.A review of the hospital's policy entitled "Confidentiality of Information," effective date of 8/12 was conducted on 1/11/13. The policy indicated that "Sensitive information collected and/or generated within (Hospital name) shall be maintained in such a manner that access to it is restricted to those with a need to know." Per the same policy, it stipulated that "Information will be restricted to those with a legal right under authorization, those participating in treatment, payment, healthcare operations and as mandated by state and federal laws in accordance with (Hospital name's) policies."A follow-up interview with the pharmacy manager (PM 1) was conducted on 1/11/13 at 4:50 P.M. PM 1 stated that both patients (Patient 1 and Patient 2) got medications delivered to them regularly. She acknowledged PC 1 should have reconciled the invoice with the medication receipts. As a result, she acknowledged that an unauthorized disclosure occurred when Patient 1's medications and receipts were inadvertently delivered to the wrong patient.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights