Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
MERCY HOSPITAL OF FOLSOM
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on May 19, 2014. Also cited in 11 other reports.
Report ID: O64R11.01, California Department of Public Health
Reported Entity: MERCY HOSPITAL OF FOLSOM
Issue:
Based on staff interview and facility documentation review, the facility failed to prevent the unlawful or unauthorized disclosure of Patient 1's protected health information when Registered Nurse 1 (RN 1) discharged Patient 2 with the wrong prescription. This failure had the potential to compromise Patient 1's protected health information (PHI, includes sensitive, strictly confidential and personal information). Findings: During an interview with Director of Nursing (DON) on 05/20/14 at 11:18 a.m., the DON explained that Patient 1 and Patient 2 were being discharged at the same time. The physician wrote their prescriptions and put them with their individual charts. The RN 1 did not verify that Patient 1's and Patient 2's prescriptions were with the correct chart. A facility document dated 11/11/13 revealed that RN 1 inadvertingly gave Patient 1's prescription which contained information including: patient name, date of birth, medication, dosage and physician name to Patient 2.The 2012 policy and procedure titled "Confidentiality and Data Classification" indicated the purpose is "to provide appropriate access to information while preserving its confidentiality and integrity. The facility will implement reasonable and appropriate administative, technical, and physical safeguards". The 2012 facility policy and procedure titled, "Corrective Process for Breach of Patient Privacy or Confidentiality" indicated the purpose of the policy is to implement certain aspects of Dignity Health's Privacy Principles in order to comply with the Health Insurance Portability and Accountability Act (HIPPA) and other federal and state laws governing protection of confidential health information.The CDPH verified that the facility informed the department of the breach within the mandated time frame.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280