UNIVERSITY OF CALIFORNIA SAN FRANCISCO MEDICAL CENTER

Report ID: V29J11.01, California Department of Public Health

Reported Entity: UCSF MEDICAL CENTER

Issue:

Based on interview and record review the hospital failed to notify the California Department of Public Health (CDPH), within the required five business days, that personal health information (PHI) for Patient 1 had been incorrectly disclosed to a person(s) who had no authority and no need to view the PHI.Findings:Patient 1 - CA00381383 - UCSF 2013-275 During a telephone conference call on 2/6/14 at approximately 3:00 PM, a Privacy Analyst (PA) stated that a Discharge Summary for Patient 1 was given to another patient (Patient 1B) being discharged around the same time. This occurred on 12/4/13. When Patient 1B eventually read the Discharge Summary, he noted that it was for Patient 1. Patient 1B notified the facility on 12/11/13 that he had received a Discharge Summary for Patient 1. The PA stated that nursing unit was chaotic at the time of discharge when the nurse gave the Discharge Summary to the wrong patient.The Manager for Accreditation and Licensing (MAL) reported that the Discharge Summary contained Patient 1's name, date of birth, medical record number, address, phone number, medications, follow up appointments, teaching records, and discharge instructions. Patient 1B was not authorized to see this protected health information. Record review indicated the hospital notified CDPH by fax on 12/23/13 at 11:33 AM. This was eleven days after the information breach was detected.The hospital was five days late in notifying CDPH of the breach of Patient 1's protected health information.

Outcome:

Deficiency cited by the California Department of Public Health: Health & Safety Code 1280

Related Reports:

The report containing this deficiency also includes information about 4 other violations. Note that these may be related to the same event: V29J11.02, V29J11.03, V29J11.04, V29J11.05