Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
SAN ANTONIO REGIONAL HOSPITAL
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on July 11, 2014. Also cited in 35 other reports.
Report ID: CWQX11.01, California Department of Public Health
Reported Entity: SAN ANTONIO COMMUNITY HOSPITAL
Issue:
Based on interview and record review, the facility failed to ensure the confidential treatment of protected health information (PHI) for Patient B, when a Maternity Department registered nurse (RN1) failed to verify the name on a prescription which resulted in Patient A's husband receiving Patient B's prescription. This resulted in a breach of PHI for Patient B.Finding:On August 6, 2014 at 3:25 PM, a phone interview was conducted with the Director of Nursing Operations (DNO) regarding an entity reported incident of a breach of PHI for Patient B which was detected on August 3, 2013. In documentation review, it was found that Patient A's prescription had been stapled over Patient B's prescription by the physician. Both prescriptions were handed to Patient A's husband by RN 1 without checking the name on both prescriptions. The DNO stated, "They are supposed to check the name and Stay Number or account number before giving any PHI. They are supposed to check two identifiers before giving anything".During a review of the documentation that had been given to Patient A's husband, the documents included, Patient B's prescription which contained Patient B's name, type and reason for prescription, date of birth, account number, and medical record number. A review of the facility policy and procedure titled, "Confidentiality, Protecting Confidential Information," dated July, 2011, the policy indicated, "Confidential information must be protected from unauthorized uses; disclosures....must be protected to prevent financial fraud and identity theft."The failure to ensure the prescription given to Patient A's husband by RN 1 contained only Patient A's PHI resulted in the unauthorized release of Patient B's PHI to Patient A's husband.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights