ST MARY MEDICAL CENTER

Report ID: 96FR11, California Department of Public Health

Reported Entity: ST MARY MEDICAL CENTER

Issue:

Based on interview and record review, the facility failed to protect Patient A's medical information. This breach caused Patient A's protected health care information to be released.Findings:The facility self-reported that a patient's (Patient A) protected health information (PHI) was inadvertently given to another patient during the registration process. The OR (Operating Room) Procedure Booking Sheet for one patient was given to another patient. During an interview with the health information officer on 6/20/12 at approximately 3:55 PM, she confirmed and stated, "The staff just grabbed the paper (OR Procedure Sheet) without checking and gave it to the patient."Review of the letter mailed to Patient A dated 3/19/12/12 stipulated that a copy of Patient A's surgery booking slip which contained her personal health information was inadvertently handed to another patient. The following healthcare information inadvertently released included: a. Name.b. Medical record number.c. Birth Date.d. Account Number.e. Social Security Number.The policy and procedure titled "Release of Protected Health Information", Origination Date: 1/2012 indicated, it was the facility's requirement, "To obtain a valid authorization form from the patient or the patient's legal representative prior to using or disclosing protected health information (PHI) for purposes that are not related to the patient's treatment, payment ... "The policy also indicated, "The ... (Name) may use and disclose PHI for the purposes other than treatment, payment and its own health care operations after obtaining written authorization from the patient or the patient's legal representative using a compliant authorization form."

Outcome:

Deficiency cited by the California Department of Public Health: Patients' Rights