Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
SHARP CHULA VISTA MEDICAL CENTER
Cited by the California Department of Public Health for violations of California’s Health and Safety Code relating to medical privacy during an inspection that began on April 3, 2012. Also cited in 46 other reports.
Report ID: F77P11.02, California Department of Public Health
Reported Entity: SHARP CHULA VISTA MEDICAL CENTER
Issue:
Based on interview and record review, the hospital failed to safeguard protected health information (PHI) from unauthorized persons, in accordance with their policies and procedures, for 1 of 1 sampled patients (Patient 1). Findings:On 3/30/12 at 2:25 P.M., the hospital reported to the Department that an unauthorized disclosure of patient information occurred, when a facesheet belonging to Patient 1 was inadvertently given to the wrong person.A review of Patient 1's medical record was conducted on 4/3/12 at 5:30 P.M. Patient 1 was admitted to the hospital's Emergency Department (ED) on 2/10/12, per the facesheet. The following confidential patient information was found on the facesheet: name, medical record number, admit number, admission date, discharge date, sex, age, date of birth, address, religion, marital status, home telephone number, occupation, emergency contact information, insurance information, physician name, diagnosis and other visit information data.An interview with the registered nurse (RN 1) was conducted on 4/3/12 at 5:45 P.M. RN 1 stated she did not recall releasing Patient 1's facesheet to an unauthorized person. She stated that during a joint review of Patient 1's medical record with the ED manager (EDM), it was identified that she was Patient 1's discharge nurse. She stated that the discharge nurses were responsible for releasing patient information or discharge paperwork to patients or authorized persons. An interview with EDM was conducted on 4/3/12 at 5:50 P.M. The EDM stated that the ED had processes in place to ensure that when patients were discharged, the correct paperwork or documents were released to the correct patient and authorized individuals. She acknowledged that Patient 1's facesheet was given to the wrong person during the discharge process. She acknowledged that the hospital's Health Information policy was not implemented.A review of the hospital's policy entitled "Health Information: Minimum Necessary access, use and disclosure," current effect date of 7/11, was conducted on 4/3/12. The policy indicated that the hospital staff shall take reasonable measures to limit each use and disclosure of protected health information (PHI) to the minimum amount necessary. Per the policy, it instructed hospital staff to disclose protected health information to the following:1) Health care providers who were involved in treating the patient or individual.2) The individual who was the subject of the information.3) Individuals with a valid authorization for use/disclosure.4) When the use or disclosure was in compliance with privacy regulations.5) The use and disclosure required by a court order or other laws.6) Disclosures to the Department for compliance or enforcement purposes.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights