ST MARY MEDICAL CENTER

Report ID: V3JK11, California Department of Public Health

Reported Entity: ST MARY MEDICAL CENTER

Issue:

Based on interview and record review, the facility failed to protect Patient A's medical information. This breach caused Patient A's protected health care information to be released.Findings:The facility self-reported that an employee in the imaging department used her position to request a minor patient's (Patient A) laboratory report from another facility and subsequently faxed the information to the patient's mother without a proper "Consent to Release Information" form completed. During an interview with the health information officer on 6/20/12 at 3:45 PM she confirmed and stated, "A laboratory report was disclosed inappropriately."Review of the letter mailed to Patient A dated 4/13/12 stipulated that an inappropriate disclosure of Patient A's protected health information had occurred. The "Consent to Release Information" form was not completed.The healthcare information that was inappropriately released included: a. Name.b. Address.c. Birth Date.d. Account Number.e. Laboratory test and results.The policy and procedure titled "Release of Protected Health Information", Origination Date: 1/2012 indicated, it was the facility's requirement, "To obtain a valid authorization form from the patient or the patient's legal representative prior to using or disclosing protected health information (PHI) for purposes that are not related to the patient's treatment, payment ..."The policy also indicated, "The ... (Name) may use and disclose PHI for the purposes other than treatment, payment and its own health care operations after obtaining written authorization from the patient or the patient's legal representative using a compliant authorization form."

Outcome:

Deficiency cited by the California Department of Public Health: Patients' Rights