Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
Good Samaritan Hospital
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on July 22, 2013. Also cited in 21 other reports.
Report ID: EDGL11, California Department of Public Health
Reported Entity: GOOD SAMARITAN HOSPITAL
Issue:
Based on interview and record review, the hospital failed to safeguard one patient's (Pt 1) protected health information (PHI). This resulted in her PHI being accessed by an authorized person.Findings:During an interview with the Case Manager Social Services (CMSS), on 7/22/13, at 3:15 PM, she stated, "Pt 1 came in day before the 4th of July. The following day she gave her verbal consent...She talked to me and requested me to call her Mom. When I called the parents, they said that they are already in the building...She responded, "Yes bring my Dad here, I haven't seen him in 17 years...Pt 1 revoked the consent for the family to visit and give information. So I informed the family but Pt 1 calls them to bring cigarettes. But I didn't document all the things she told me. I know I need to document but because of so much going on, I forgot to document. Pt 1 is claiming that she did not give consent for visitation and release of information to her parents. So I take the full responsibility for that...But the parents know that they are here because she called them to come..."During an interview with the Clinical Social Worker (CSW), on 7/22/13, at 3:30 PM, he stated, "On 7/11/13, we were in the 5250 (to involuntary confine a person deemed to have certain mental disorders for up to 14 day following being involuntary held for 72 hours under a section of 5150 hold) hearing. As I was presenting the evidence, Pt 1 disclosed to us that she didn't give consent to the hospital to talk to her parents. This is the first time we heard about it."During an interview with the Social Services Supervisor, on 7/22/13, at 3:45 PM, she stated, "To check if an authorization was given, we verify from the consent form in the chart. We usually get a written consent if not a verbal consent from the patient. Both consents should however be documented."During an interview with the Privacy Officer, on 7/30/13, at 4 PM, she stated, "...the CMSS wants to have a family meeting. Pt 1 verbally told the CMSS that it is OK but the problem is she did not document what Pt 1 told her. From 7/4/13 to 7/8/13 there was no documentation/consent that the parents can come and see her. There's nothing to prove that she agreed the visitation. She signed the consent 7/8/13 but on 7/10/13 she revoked it. On 7/11/13 Pt 1 went on the 5250 hearing. When they were presenting the pictures during the hearing Pt 1 stated, "I never gave consent to release this information."During a review of the medical record for Pt 1, the Privacy Incident Written Report dated 7/16/13, read,"...On 7/11/13 during 5250 hearing, the hospital presented information received from parents to which the patient objected, stating she did not give the hospital consent to speak for her parents. Review of the patient's medical record revealed no documentation of patient's verbal consent to case manager on 7/5/13 was entered into the medical record..."The hospital policy and procedure titled "HIPPA-Request for Restriction of Use or Disclosure of Protected Health Information dated 5/30/13 read, "Patients will be provided the right to request restrictions of certain uses and disclosures of their PHI that is contained with the designated record set."
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights