HIPAA Helper »
UNIVERSITY OF CALIFORNIA SAN FRANCISCO MEDICAL CENTER »
Feb 5, 2014

This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.

UNIVERSITY OF CALIFORNIA SAN FRANCISCO MEDICAL CENTER

505 PARNASSUS AVE, BOX 0296 SAN FRANCISCO,CA 94143

Cited by the California Department of Public Health for violations of California’s Health and Safety Code relating to medical privacy during an inspection that began on February 5, 2014. Also cited in 108 other reports.

Report ID: V29J11.02, California Department of Public Health

Reported Entity: UCSF MEDICAL CENTER

Issue:

Based on interview and record review the hospital failed to notify the Patient 1 within the required five business days, that personal health information (PHI) for Patient 1 had been incorrectly disclosed to a person(s) who had no authority and no need to view his PHI.Findings:Patient 1 - CA00381383 - UCSF 2013-275 During a telephone conference call on 2/6/14 at approximately 3:00 PM, a Privacy Analyst (PA) stated that a Discharge Summary for Patient 1 was given to another patient (Patient 1B) being discharged around the same time. This occurred on 12/4/13. When Patient 1B eventually read the Discharge Summary, he noted that it was for Patient 1. Patient 1B notified the facility on 12/11/13 that he had received a Discharge Summary for Patient 1. The PA stated that nursing unit was chaotic at the time of discharge when the nurse gave the Discharge Summary to the wrong patient.The Manager for Accreditation and Licensing (MAL) reported that the Discharge Summary contained Patient 1's name, date of birth, medical record number, address, phone number, medications, follow up appointments, teaching records, and discharge instructions. Patient 1B was not authorized to see this protected health information. Record review indicated of the hospital's fax, dated 12/23/13 at 11:33 AM, confirmed that the hospital became aware of mistaken disclosure of Patient 1's Discharge Summary to Patient 1B on 12/11/13. The MAL provided a copy of the notification letter sent to Patient 1. Review of this copy indicated it was dated 12/20/13, nine days after detection of the error.The hospital was two days late in notifying Patient 1 of the breach of his protected health information.

Outcome:

Deficiency cited by the California Department of Public Health: Health & Safety Code 1280

Related Reports:

The report containing this deficiency also includes information about 4 other violations. Note that these may be related to the same event: V29J11.01, V29J11.03, V29J11.04, V29J11.05

Do you believe your privacy has been violated? Here’s what you can do: