Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
ST MARY MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on October 24, 2014. Also cited in 55 other reports.
Report ID: PUPL11, California Department of Public Health
Reported Entity: ST MARY MEDICAL CENTER
Issue:
Based on interview and record review, the facility failed to ensure the confidential treatment of protected health information (PHI) for Patient A, when Patient A's Face Sheet was inadvertently faxed to an incorrect health plan company. This placed Patient A at risk for identity theft, and unauthorized access to Patient A's PHI.Findings:During a phone interview on October 24, 2014 at 4:36 PM, with the Risk Management Staff, she stated the Emergency Department (ED) registrar reported to the Risk Management Staff that Patient A's Face Sheet was faxed to the wrong health plan, and the wrong pre-printed fax coversheet was used in error. During a review of the facility's investigative report on October 24, 2015 at 4:30 PM, the report revealed on October 20, 2014, the ED registrar verified she should have double checked the insurance company on the face sheet to ensure they matched the fax number on the coversheet. A review of the facility's policy and procedure "Confidentiality Policy", dated January 24, 2012, a Compliance Policy # 11679, indicated, "The requirement that individuals have to safeguard confidential, sensitive and proprietary business information and patient information from unlawful and unauthorized use and disclosure."A review of the facility's policy and procedure titled, "Confidentiality Policy", dated January 24, 2012, a Compliance Policy # 11679, indicated, "The protection of confidential, sensitive, and proprietary information is of critical importance to the (corporate name) (SJHS) Ministry/ (facility name), its work-force, and its patients. In addition, the safeguarding of patient information from unauthorized, inappropriate and unlawful use and disclosure is required by law and is consistent with the values of the SJHS Ministries."Review of the System Changes and Actions taken to correct the system, dated October 7, 2014, indicated, "The Manger of Patient Access revised the facsimile transmittal coversheet to prevent reoccurrence."A review of Patient A's Face Sheet, indicated the PHI disclosed included Patient A's name, address, home telephone number, DOB, last 4 digits of the social security number, age, race, marital status, reason for admission, names of guarantor and emergency contacts.This failure of the ED registrar to verify each document when faxing Patient A's Face Sheet led to the facility's failure to safeguard Patient A's PHI as per policy and procedure and resulted in Patient A's PHI being released to an unauthorized Health Plan Company.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights