Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
SAN ANTONIO REGIONAL HOSPITAL
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on March 10, 2014. Also cited in 35 other reports.
Report ID: NM2I11, California Department of Public Health
Reported Entity: SAN ANTONIO COMMUNITY HOSPITAL
Issue:
Based on interview, and record review, the facility failed to ensure that a registered nurse (RN 1) protected the confidential and protected health information(PHI- any health records, records of health care provided, or financial cost for health care) of Patient B. RN 1 did not ensure the name on the radiology CD (A compact disc containing radiology images) matched the name of the patient (Patient A), who she handed the CD to upon discharge. This resulted in Patient A receiving Patient B's radiology CD which constituted a breach of PHI for Patient B.Findings:A phone interview was conducted with the Medical Record Director/Facility Privacy Officer (MRD/FPO) on March 10, 2014 at 8:30 AM, to investigate an entity reported incident of a possible breach of PHI for Patient B.During a phone interview, with the MRD/FPO,he stated, "On February 5, 2014, RN 1 [RN 1's name was provided] on the ambulatory care unit (ACU) was discharging Patient A. RN 1 handed Patient A a radiology CD, following an endoscopic procedure (a lighted scope is inserted into a body cavity to look for disease). Patient A discovered the error and returned the CD to the facility on February 11, 2014."A review of Patient B's face sheet (which contained patient demographics) indicated he was a 69 year old male, admitted on February 5, 2014 at 10:00 AM, and discharged the same day at 12:28 PM, following a colonoscopy (a lighted tube is inserted into the rectum and visualizes the colon).A review of Patient A's face sheet indicated she was a 55 year old female, admitted on February 5, 2014 at 10:30 AM, and discharged the same day at 12:57 PM, following a colonoscopy.During a review of the written coaching provided to RN 1 on February 6, 2014, it indicated that RN 1 was reminded of the importance of ensuring that the name on the CD and all paperwork matched the name of the patient. In addition, RN 1 was informed by her supervisor, " the camera in the endoscopy suite sometimes prints out a photograph or two from the previous patient..." According to the write up , RN 1, "...felt very bad that she had not checked the name on each photograph, understood what she did wrong, and knows how to prevent this from recurring."During a review conducted on March 11, 2014 at 8:00 AM, of the images copied by the FPO, the document had five separate images. Each image had Patient B's name, date of birth, medical record number, and date of service.During a phone interview with the MRD/FPO on March 10, 2013 at 9:15 AM, he stated that the nurse (RN 1) had not followed the facility policy and procedure to protect confidential patient information .A review of the facility policy and procedure titled, "Confidentiality, Protecting Confidential Information," dated August 2011, indicated under, "Policy": indicated, "Media containing confidential information must be protected against damage, theft, loss and unauthorized access. ...media includes: paper documents, CD-ROMS, DVDs,...."The failure of RN 1 to make sure she checked Patient A's name against the name on the radiology CD, resulted in an unauthorized release of Patient B's PHI.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights