Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
ST MARY MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on November 17, 2014. Also cited in 55 other reports.
Report ID: 3YFU11.01, California Department of Public Health
Reported Entity: ST MARY MEDICAL CENTER
Issue:
Based on interview and record review, the facility failed to ensure the confidential treatment of protected health information (PHI) for Patient A, when Employee 1 transferred Patient B with Patient A's physician orders. This resulted in Patient A's PHI to be disclosed to individuals without authorization.Findings:On December 23, at 8:30 AM a phone interview was conducted with the Risk Manager (RM) after 2 unsuccessful attempts to interview Employee 1 regarding an entity reported incident of a breach of PHI for Patient A detected on August 25, 2014. The RM states that physician orders for Patient A were inadvertently included in a transfer packet for Patient B when Patient B was being transferred from Facility 1 to Facility 2. A staff member at Facility 2 viewed the physician orders, notified Facility 1 and told them the document was destroyed. The RM states that Patient A was notified by certified mail on August 29, 2014 of the breach of PHI.During a review of the documentation, a copy of the physician orders sent to Facility 2 in error included Patient A's name, date of birth, medical record number and account number, diagnosis, and physician orders.A review of the documentation included a copy of the certified letter dated August 29, 2014 sent to Patient A informing her of the breach of PHI.Copies of Employee 1's educational documents were reviewed which included; "Acknowledgement and confidentiality Form" signed and dated 3/4/14. "General Orientation Verification" dated 3/17/14, and "Educational Transcripts" dated 3/30/14 - 11/17/14.A copy of the "Confidentiality Policy" dated 1/22/14 states; The employee will follow all (Facility 1's) policies and procedures and the Standards of Conduct, and will take all precautions to prevent any intentional or unintentional use or disclosure of patient health information without the signed authorization of the patient".The facility failed to ensure the correct patient information was included in the transfer packet for Patient B resulting in an unauthorized release of Patient A's PHI.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights