Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
SAINT AGNES MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on December 27, 2013. Also cited in 16 other reports.
Report ID: R3L311.01, California Department of Public Health
Reported Entity: SAINT AGNES MEDICAL CENTER
Issue:
Based on staff interview and administrative document review, the hospital failed to keep Protected Health Information (PHI) confidential when:1. Patient 1's medical information was verbally disclosed to unauthorized individual. (refer to CA00377627).2. Patient 2's discharge paper work was given to Patient 3 in error. (refer to CA00379478).3. Patient 4's financial information was mailed to an unauthorized individual. (refer to CA00375633). These failures resulted in not protecting the PHI for Patient 1, Patient 2 and Patient 4, and had the potential for unauthorized use. Findings: Refer to CA003776271. On 1/10/14 at 11:00 a.m. during an interview Privacy Officer stated that during the discharge process with Patient 1, Patient 1's home medication list was discussed in front of Patient 1's visitor without Patient 1's approval. The information breached was Patient 1's supply of home medications. The Hospital's Policy and Procedure titled, "Privacy & Confidentiality Policy", dated 9/17/09, indicated [Hospital] recognizes the importance of safeguarding all confidential information and values the privacy of of our patients... Each [Hospital] employee has a personal responsibility to protect both the privacy and confidentiality of that information." Refer to CA003794782. On 1/10/14 at 11:40 a.m. during an interview, the Privacy Officer (PO) stated Hospital staff gave Patient 2's discharge paperwork to Patient 3. Patient 3's PHI breached included demographic information, patient name, account number, medical record number, telephone number, address, date of birth, age, sex, and clinical information.The Hospital's Policy and Procedure titled, "Privacy & Confidentiality Policy", dated 9/17/09, indicated [Hospital] recognizes the importance of safeguarding all confidential information and values the privacy of of our patients... Each [Hospital] employee has a personal responsibility to protect both the privacy and confidentiality of that information." Refer to CA00375633 3. On 1/10/14 at 11:00 during an interview, the Privacy Officer (PO) stated hospital staff mailed Patient 4's credit card receipt to the wrong address. Patient 4's PHI breached included demographic information, name, account number, date of last payment, and account balance.The Hospital's Policy and Procedure titled, "Privacy & Confidentiality Policy", dated 9/17/09, indicated [Hospital] recognizes the importance of safeguarding all confidential information and values the privacy of of our patients... Each [Hospital] employee has a personal responsibility to protect both the privacy and confidentiality of that information."
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights