ST MARY MEDICAL CENTER

Report ID: IE0E11, California Department of Public Health

Reported Entity: ST MARY MEDICAL CENTER

Issue:

Based on interview and record review, the facility failed to ensure the confidential treatment of the protected health information (PHI) for Patient A, when a nurse in the emergency room (ER) gave Patient B documents containing Patient A's PHI. This failure resulted in the unauthorized release of Patient A ' s PHI.Findings:On October 16, 2014, at 11:25 AM, a phone interview was conducted with the Risk Management Accreditation Manager regarding an entity reported incident of a breach of PHI for Patient A, which was detected on September 15, 2014. The Risk Management Accreditation Manager stated, "The nurse who discharged Patient B in the emergency room gave Patient A's document by mistake to Patient B. The nurse called the patient [Patient B] to bring back the documents upon realizing the mistake, and the patient brought back the documents."During a review of the documents given to Patient B, the documents contained Patient A's name, medical record number, medical diagnoses, and date of hospitalization.A review of the policy and procedure titled, "Confidentiality Policy," dated January 24, 2012, indicated, "The safeguard of patient information from unauthorized, inappropriate and unlawful use and disclosure is required by law and is consistent with the value of the St. Joseph Health System (SJHS) ministry. Employees are required to follow policies and procedures and the SJHS Ministry standard of conduct ... in order to ensure that business and patient information is safeguarded at all times.The failure of the ER nurse to verify that each document page given to Patient B was intended for Patient B, resulted in the unauthorized released of Patient A ' s PHI to an unintended third party.

Outcome:

Deficiency cited by the California Department of Public Health: Patients' Rights