Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
ST MARY MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on October 17, 2012. Also cited in 55 other reports.
Report ID: 0LY511, California Department of Public Health
Reported Entity: ST MARY MEDICAL CENTER
Issue:
Based on interview and record review, the hospital failed to ensure that their policies were followed to protect the confidentiality for Patient A. The hospital failed to ensure that a contracted employee protected the confidential health information for Patient A when the patient's records were sent to the incorrect company. This failure resulted in a breach of protected health information for Patient A.Findings:A review of the hospital's investigation into the breach of records was conducted on 10/17/12. The hospital's investigation revealed that a contracted employee from an on-site medical records copying company sent Patient A's medical record to Company B, instead of Company A. The investigation also revealed that Company A notified the hospital and sent Patient A's record back to the hospital. The investigation further revealed that the cause of the breach of records was human error.A review of the breached protected health information for Patient A revealed that the records contained the ambulance record, information regarding the patient's demographics (name, address, date of birth, date of service), the physician's history and physical, discharge summary, consulting physician reports, various testing done on the patient, and laboratory results.A review of the hospital's policy titled Confidentiality Policy, dated 1/2012, revealed that, "The protection of confidential, sensitive, and proprietary information is of critical importance to the (name) Ministry, its work-force and its patients. In addition, the safeguarding of patient information from unauthorized, inappropriate and unlawful use and disclosure is required by law and is consistent with the values of the (name) Ministry." The policy further indicated that employees will "take all precautions to prevent any intentional or unintentional use or disclosure of patient health information without the signed authorization of the patient."An interview was conducted with the Director of Health Information Management (DHIM) on 10/17/12 at 11 AM. She confirmed that a breach of protected health information occurred. The DHIM stated that the contracted employee must follow the hospital's policies for protecting patient confidentiality.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights