Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
SAN ANTONIO REGIONAL HOSPITAL
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on July 11, 2014. Also cited in 35 other reports.
Report ID: RJOT11.01, California Department of Public Health
Reported Entity: SAN ANTONIO COMMUNITY HOSPITAL
Issue:
Based on interview and record review, the facility failed to ensure the confidential treatment of two patients (Patients A and B's) protected health information (PHI), when an Emergency Department Registration Clerk (ED Clerk) released the Medicare Card for Patient A, to Patient B's mother, and Patient B's Medicare Card to Patient A, when checking into the emergency department (ED). This resulted in the unauthorized release of PHI for both Patients A and B.Finding:On August 6, 2014 at 3:20 PM, a phone interview was conducted with the Director of Nursing Operations (DNO) regarding an entity reported incident of a breach of PHI for Patient A and Patient B, on April 17, 2013. Patient A's Medicare card was given to Patient B's mother, and Patient B's Medicare card was given to Patient A when checking into the ED. The DNO stated, "They are supposed to check in one patient at a time, and then read the name on the card and have the patient say their name as a double identifier, to make sure the patient gets the right paperwork".During a review of the documentation that had been given to Patient A, the Medicare card contained, Patient B's name, date of birth, Medicare ID and claim number. The documentation that had been given to Patient B's mother, the Medicare card contained Patient A's name, date of birth Medicare ID and claim number. A review of the facility policy and procedure titled, "Confidentiality, Protecting Confidential Information," dated July, 2011, indicated, "Confidential information must be protected from unauthorized uses; disclosures....must be protected to prevent financial fraud and identity theft."The failure of ED Clerk to ensure that Patient A and Patient B's Medicare cards were returned to them by verifying the identity of the recipient, resulted in the unauthorized release of Patient A's PHI to Patient B's mother, and Patient B's PHI to Patient A.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights