Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
ST MARY MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on November 17, 2014. Also cited in 55 other reports.
Report ID: L87111.01, California Department of Public Health
Reported Entity: ST MARY MEDICAL CENTER
Issue:
Based on interview and record review, the facility failed to ensure the confidential treatment of protected health information (PHI) for Patient B when Employee 1 gave Patient B's prescription to Patient A on discharge from a facility on April 24, 2014, which resulted in an unauthorized disclosure of Patient B's PHI.Findings:On December 9, 2014, at 10:35 AM an interview was conducted with Employee 1, and the Risk Manager (RM) regarding an entity reported incident of a breach of PHI for Patient B, detected on May 29, 2014. During an interview with the RM, it was confirmed that on May 29, 2014, a breach of PHI (Protected Health Information) occurred in Facility 1 regarding the unauthorized disclosure of Patient B's PHI when a Patient B's perscription was inadvertently given to Patient A.During an interview with Employee 1, she stated that she did not recall the incident, but stated that the process for giving patients their prescriptions at the time of the occurrence was for the provider to give the staff the prescription, which would then be copied and given to the patient. Also during the interview, Employee 1 stated that the process for giving patients their prescriptions at the time of the occurrence was for the provider to give the staff the prescription, which would then be copied and given to the patient. During a concurrent interview with Employee 1 and the RM, the RM stated that Patient B was notified by certified mail of the breach her PHI.During a review of the documentation, a copy of the prescription for Patient B was reviewed. The prescription included the Patient B's name and medication ordered.A copy of the certified letter sent to Patient B on June 4, 2014 was present.A review of the employee's records included; "Confidentiality Agreement" signed and dated 4/11/13, General Orientation Verification, and Educational Transcripts which included HIPAA training.A review of the facility's policy and procedure titled "Confidentiality Policy" dated 1/22/14 states, "The employee will follow all (Facility 1's) policies and procedures and the Standards of Conduct, and will take all precautions to prevent any intentional or unintentional use or disclosure of patient heath information without the signed authorization of the patient".The facility failed to ensure the correct prescription was given to the correct patient resulting in unauthorized release of Patient B's PHI.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights