Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
SAINT AGNES MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on February 21, 2014. Also cited in 16 other reports.
Report ID: K0SS11, California Department of Public Health
Reported Entity: SAINT AGNES MEDICAL CENTER
Issue:
Based on staff interview, facility and administrative document review the facility failed to keep Protected Health Information (PHI) confidential when:1. Lab reports for Patients 1, 2, 3, 4, 5, 6, 7, 8, 9, and 10 were sent to an incorrect fax machine. (CA00375536)2. Belongings list for Patient 11 was signed by and given to Patient 12. (CA00381382)3. Discharge paperwork for Patient 13 was given to Patient 14. (CA00381002)These failures placed Patient 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, and 13's PHI at a potential risk for unauthorized use.Findings:CA003755361. On 2/21/14 at 11:22 a.m. during an interview, the Compliance Coordinator (CC) stated lab results for Patients 1, 2, 3, 4, 5, 6, 7, 8, 9, and 10 were auto-generated and faxed to a private resident. The CC stated a provider's new fax number was not updated in all system fields, so the lab results were sent to a private party's fax machine. The PHI breached included the patients' name, date of birth, phone number, date of service, medical record number and lab reports.The facility policy and procedure titled, "Privacy and Confidentiality Policy", dated 9/17/09, indicated "[Facility] recognizes the importance of safeguarding all confidential information and values the privacy of all our patients......Each [facility] employee has a personal responsibility to protect both the privacy and confidentiality of that information..."CA003813822. On 2/21/14 at 11:40 a.m., during an interview, the Compliance Coordinator (CC) stated the belonging list for Patient 11 was signed by and given to Patient 12. The CC stated the Registered Nurse (RN) 1 did not check the names on the belonging lists against the patient wristbands as per facility policy. The PHI breached included the patient's name, date of birth, medical record number, account number, admit date, and admitting physician.The facility policy and procedure titled, "Privacy and Confidentiality Policy", dated 9/17/09, indicated "[Facility] recognizes the importance of safeguarding all confidential information and values the privacy of all our patients......Each [facility] employee has a personal responsibility to protect both the privacy and confidentiality of that information..."CA003810023. On 2/21/14 at 11:33 a.m., during an interview, the Compliance Coordinator (CC) stated Registered Nurse (RN) 2 gave discharge instruction for Patient 13 to Patient 14. The CC stated RN 2 did not verify the patient's name printed on the discharge instructions against Patient 14's wristband. The PHI breached included Patient 13's name, date of birth, address, sex, telephone number, diagnosis, physician's name, and medication list. The facility policy and procedure titled, "Privacy and Confidentiality Policy", dated 9/17/09, indicated "[Facility] recognizes the importance of safeguarding all confidential information and values the privacy of all our patients......Each [facility] employee has a personal responsibility to protect both the privacy and confidentiality of that information..."
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights