Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
MERCY HOSPITAL OF FOLSOM
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on May 19, 2014. Also cited in 11 other reports.
Report ID: 3RNM11.01, California Department of Public Health
Reported Entity: MERCY HOSPITAL OF FOLSOM
Issue:
Based on staff interview and documentation review, the facility failed to prevent the unauthorized disclosure of Patient 1's protected health information when Physician Assistant Certified 1 (PAC) printed and sent lab results home with the wrong patient. This failure had the potential to compromise Patient 1's protected health information (PHI, includes sensitive, strictly confidential and personal information). Findings: During an interview with the Senior Director of Emergency Services (DES) on 05/21/14 at 12 p.m., the DES explained that discharge packets which include: discharge instructions, discharge diagnosis, test/labs that were performed, medication information, new medications, education material and lab results, are printed up for each patient. Sometimes two packets are being printed at the same time. The PAC should go through the packets to ensure all documents are labeled with the same patient name before giving the packet to the patient. This time it wasn't done properly. A facility document revealed PAC 1 printed the discharge paperwork and inadvertingly gave Patient 2's lab results to Patient 1's family member. The 2012 facility policy and procedure titled, "Corrective Process for Breach of Patient Privacy or Confidentiality" indicated the purpose of the policy is to implement certain aspects of Dignity Health's Privacy Principles in order to comply with the Health Insurance Portability and Accountability Act (HIPPA) and other federal and state laws governing protection of confidential health information. The 2012 policy and procedure titled "Confidentiality and Data Classification" indicated the purpose is "to provide appropriate access to information while preserving its confidentiality and integrity. The facility will implement reasonable and appropriate administative, technical, and physical safeguards".
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280