Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
SAN ANTONIO REGIONAL HOSPITAL
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on April 15, 2015. Also cited in 35 other reports.
Report ID: OGOV11.01, California Department of Public Health
Reported Entity: SAN ANTONIO REGIONAL HOSPITAL
Issue:
Based on interview and record review, the facility failed to ensure the confidential treatment of Patient A's protected health information (PHI) when a Registered Nurse (RN 1) gave Patient A's discharge documents to Patient B. This resulted in an unauthorized disclosure of Patient A's PHI.Findings:On April 15, 2015 at 2:00 PM, a phone interview was conducted with the Director of Health Information Management (Director of HIM) regarding an entity reported incident of a breach of Patient A's PHI detected by the facility on August 22, 2014. The Director of HIM stated that RN 1 gave Patient A's discharge documents, which contained Patient A's name, gender, race, ethnicity, date of birth, patient identification number, address, home phone number, diagnoses, pertinent health information (vital signs and physical assessment), allergies, medication names with dosages, and laboratory test names with results, to Patient B.The Director of HIM stated that Patient A was notified on August 25, 2015 of the breached PHI, and provided a copy of the letter.On April 29, 2015 at 11:45 AM, a phone interview was conducted with RN 1 regarding this entity reported incident. RN 1 stated she printed out a document titled "Transition of Care", put the document in an envelope and gave it to the patient (Patient B) she was discharging. RN 1 stated when she accessed the electronic health record (EHR) system, she printed the document without first verifying that she was in the correct patient's chart. RN 1 stated as a result, the "Transition of Care" document she provided Patient B was a document which belonged to a different patient (Patient A). RN 1 stated that she did not check the printed document for the correct patient information prior to providing the document to Patient B.A review of the discharge document titled "Transition of Care", indicated Patient A's name, gender, race, ethnicity, date of birth, patient identification number, address, home phone number, diagnoses, pertinent health information (vital signs and physical assessment), allergies, medication names with dosages, and laboratory test names with results.A review of the facility's policy and procedure titled, "Confidentiality, Protecting Confidential Information" dated July 2008, indicated "Confidential information must be protected from unauthorized uses, disclosures, inappropriate modification, and/or any action that would prevent it from being readily available to authorized individuals..."A review of the facility's policy and procedure titled, "Discharge of Patient: Routine, Leaving Against Medical Advice, Elopement, Patient Who Refuses To Leave the Hospital" dated November 1971 and revised date June 2013, indicated "The patient's nurse will check the completed instructions, prescriptions and other paperwork for proper patient identification, initial each page of the packet and sign, date and time the signature page."The facility failed to ensure the correct discharge documents were given to Patient B resulting in an unauthorized release of Patient A's PHI.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights