Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
ALVARADO HOSPITAL MEDICAL CENTER
Cited by the California Department of Public Health for violations of California’s Health and Safety Code relating to medical privacy during an inspection that began on March 28, 2013. Also cited in 14 other reports.
Report ID: MUVC11.02, California Department of Public Health
Reported Entity: ALVARADO HOSPITAL MEDICAL CENTER
Issue:
Based on interview and record review, the hospital failed to safeguard protected health information (PHI- is any information about health status, provision of health care, or payment for health care that can be linked to a specific individual) from unauthorized person(s) in accordance with their policies and procedures, for 1 of 1 sampled patients (Patient 1). Patient 1's facesheet contained incorrect next of kin information which lead to an unauthorized disclosure of his death to the wrong person.Findings: On 3/12/13 at 3:27 P.M., the hospital reported to the Department that an unauthorized disclosure of confidential patient information occurred when Patient 1's facesheet contained incorrect next of kin information which caused a Registered Nurse (RN 1) to disclose the death of Patient 1 to the wrong person (unintended recipient).A review of Patient 1's medical record was conducted on 3/28/13 at 2:33 P.M. According to Patient 1's facesheet, the next of kin section contained a name, the relationship to the patient indicated "other", and a home phone number.An interview was conducted with RN 2 on 3/28/13 at 3:12 P.M. RN 2 stated that she had gotten in report that RN 1 called Patient 1's sister, informed her of his death and will be coming into the hospital to see the patient. She stated that when she reviewed Patient 1's electronic medical record, it indicated in the Admission Data Sheet that the patient had a niece and her name was listed. RN 2 explained that Patient 1's niece came in that morning and introduced herself. During the conversation, RN 2 discovered that Patient 1 did not have a sister and that his niece was his only living relative. She stated that she informed the niece of Patient 1's death. She also stated that she further investigated the facesheet next of kin information and called the phone number that was listed. She stated that after that phone call, the hospital identified that an error had been made on Patient 1's facesheet and an unauthorized disclosure had occurred.A telephone interview was conducted with RN 1 on 3/28/13 at 3:45 P.M. RN 1 stated that Patient 1 had died at the end of their shift on 3/6/13. She explained that she was helping Patient 1's primary nurse and offered to notify the patient's family of his death. She stated that she called the phone number of the person that was listed on Patient 1's facesheet under "next of kin". She stated that she spoke with the person listed on the facesheet, introduced herself and informed her of Patient 1's death. She stated that she was not aware that the information on Patient 1's facesheet was incorrect and that she had informed the wrong person.A review of the hospital's policy entitled "HIPAA (Health Insurance Portability and Accountability Act - a law designed to provide privacy standards to protect patients' medical records and other health information provided to health plans, doctors, hospitals and other health care providers) Privacy Rule", revision date of 9/26/11, was conducted on 3/28/13. The policy indicated that protected health information may be disclosed when the individuals (or their personal representatives) request access to, or an accounting of disclosures of, or was part of an investigation by the Department of Public Health or other enforcement action. Per the same policy, it stipulated that disclosures of protected health information required the individual's written authorization and if they were not authorized there was a list of purposes or situations that allow a disclosure to occur: 1) To the individual;2) Treatment, Payment, and Health Care Operations;3) Opportunity to Agree or Object;4) Incident to an otherwise permitted use and disclosure;5) Public Interest and Benefit Activities; and 6) Limited data set for the purposes of research, public health or health care operationsAn interview with the Director of Medical Surgical Services (DMSS) was conducted on 4/11/13 at 3:38 P.M. The DMSS acknowledged that an unauthorized disclosure of confidential patient information occurred when Patient 1's facesheet contained incorrect next of kin information which lead to the disclosure of his death to the wrong person.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights