Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
SHARP CHULA VISTA MEDICAL CENTER
Cited by the California Department of Public Health for violations of California’s Health and Safety Code relating to medical privacy during an inspection that began on April 3, 2012. Also cited in 46 other reports.
Report ID: CIBF11.02, California Department of Public Health
Reported Entity: SHARP CHULA VISTA MEDICAL CENTER
Issue:
Based on interview and record review, the hospital failed to safeguard protected health information (PHI) from unauthorized persons in accordance with their policies and procedures, for 1 of 1 sampled patients (Patient 1). Findings:On 3/16/12 at 4:45 P.M., the hospital reported to the Department that an unauthorized disclosure of patient information occurred, when Patient 1's 10 page discharge paperwork including home care instruction, were inadvertently given to another patient (wrong patient).A review of Patient 1's medical record was conducted on 4/3/12 at 5:15 P.M. Patient 1 was admitted to the hospital's Emergency Department (ED) on 3/10/12, per the ED document. The following confidential patient information was found in Patient 1's discharge paperwork: home care instructions, name, medical record number, admission date, discharge date, sex, age, date of birth, allergies, chief complaint, address, home telephone number, insurance information, primary physician name, prescription and diagnostic tests performed.An interview with the registered nurse (RN 1) was conducted on 4/20/12 at 2:37 P.M. RN 1 stated that she did not perform the hospital's discharge process when she did not verify that each document of the discharge paperwork belonged to the patient she was discharging. She acknowledged that Patient 1's 10 page discharge paperwork with home care instructions contained confidential patient information which were disclosed to an unauthorized person(s) when they were inadvertently given to the wrong patient at discharge.An interview with the Emergency Department Manager (EDM) was conducted on 4/20/12 at 2:50 P.M. The EDM stated that the ED had processes in place to ensure that when patients were discharged, the correct paperwork or documents were released to the correct patient and authorized individuals. The EDM acknowledged that Patient 1's discharge paperwork with home care instructions were given to the wrong person during the discharge process. She acknowledged that the hospital's Health Information policy was not implemented.A review of the hospital's policy entitled "Health Information: Minimum Necessary access, use and disclosure," current effect date of 7/11, was conducted. The policy indicated that the hospital staff shall take reasonable measures to limit each use and disclosure of protected health information (PHI) to the minimum amount necessary. Per the policy, it instructed hospital staff to disclose protected health information to the following:1) Health care providers who were involved in treating the patient or individual.2) The individual who was the subject of the information.3) Individuals with a valid authorization for use/disclosure.4) When the use or disclosure was in compliance with privacy regulations.5) The use and disclosure required by a court order or other laws.6) Disclosures to the Department for compliance or enforcement purposes.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights