Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
Scripps Mercy Hospital
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on July 6, 2012. Also cited in 72 other reports.
Report ID: GZZK11.01, California Department of Public Health
Reported Entity: SCRIPPS MERCY HOSPITAL
Issue:
Based on interview, document and record review, the hospital failed to ensure that one patient's (Patient 1) personal and protected health information (PHI) was not shared with anyone without Patient 1's authorization.Findings:Patient 1 was admitted to the hospital on 6/3/12, with diagnoses that included esophagitis (inflammation of the esophagus), dysphagia (difficulty swallowing) and a history of weight loss, according to his admission History & Physical. A review of Patient 1's medical record was conducted on 7/6/12 at 2:15 P.M. Part of Patient 1's medical work up included performing a blood test to determine if Patient 1 was suffering from complications of HIV (human immunodeficiency virus) / AIDS (acquired immunodeficiency syndrome). According to a note written by the Social Worker (SW), dated 6/4/12, Patient 1 was very concerned about the results of his HIV/AIDS test. The SW told Patient 1's Registered Nurse (RN 1) about his concerns regarding the HIV/AIDS test. RN 1 then proceeded to contact Patient 1's MD to get an order from the MD to inform Patient 1 of his negative test result for HIV/AIDS. ON 6/4/12 at 6:00 P.M. it was noted in Patient 1's medical record that it was okay for RN 1 to disclose the HIV/AIDS test result to the patient. There was a nursing note written by RN, 1 also on 6/4/12, that read "Late entry 6/4/12 1800 Received order from Dr. [physician's name] to disclosure HIV lab negative result to patient and during disclosure inadvertently disclosed information to patient's girlfriend." An interview was conducted with RN 1 on 8/9/12 at 3:30 P.M. RN 1 stated that she was assigned to care for Patient 1 on 6/4/12. Later that day, the patient's HIV/AIDS laboratory results came back "negative." Patient 1's MD told RN 1 it was okay to inform the patient of his negative laboratory test result. RN 1 went in to Patient 1's hospital room. Patient 1's girlfriend was also in the room, and RN 1 proceeded to tell Patient 1 about his negative HIV/AIDS test results in front of the patient's girlfriend. Right away, RN 1 stated that she realized that she had made an error in judgement.A review of the hospital's policy and procedure, entitled Confidentiality of Information (Patient, Financial, Employee, and Other Sensitive and Proprietary Information) and dated 11/10, indicated that, "It is the responsibility of every [hospital name] employee...having access to [name of hospital] information to follow all of [name of hospital] policies and to safeguard all Confidential information."During the interview with RN 1 on 8/9/12, RN 1 acknowledged that she was not following hospital policy and procedure when she disclosed Patient 1's HIV/AIDS test result in the presence of his girlfriend.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights