ST MARY MEDICAL CENTER

Report ID: P12U11, California Department of Public Health

Reported Entity: ST MARY MEDICAL CENTER

Issue:

Based on interview and record review, the facility failed to protect Patient A's medical information. This breach caused Patient A's protected health care information to be released without authorization or consent.Findings:The facility self reported to the Department on July 20, 2012 that the health information intended for Patient A was given to Patient B upon discharge. The information disclosed included the patient's name, date of birth, medical record number, and account number.During the telephone interview with the Health Information Management Director on August 14, 2012 at 9:20 AM, the Director stated that the patient (Patient B) was being discharged from ER (The Emergency Room). The ER has a community printer. The staff just grabbed the papers from the printer and gave it to the patient (Patient B). The documents included the other documents that belong to the other patient (Patient A). The Director also stated, "The other patient brought back the papers that belongs to the other patient."The letter mailed to Patient A dated August 8, 2012, stipulated that copies of order forms containing his personal health information were inadvertently handed to another patient upon discharge from the facility. Review of the "Confidentiality Policy" revised on January 2012 stipulated, "The protection of confidential, sensitive, and proprietary information is of critical importance to the ... its work-force, and its patients." "Employee are required to follow all policies and procedures and the ... Standards of Conduct regarding use and disclosure of business and patient information, and to comply with all safeguards applicable to the employee ' s work area and the employee's scope of duty in order to ensure that business and patient information is safeguarded at all times."

Outcome:

Deficiency cited by the California Department of Public Health: Patients' Rights