RIVERSIDE COUNTY REGIONAL MEDICAL CENTER

Report ID: UWXZ11, California Department of Public Health

Reported Entity: RIVERSIDE COUNTY REGIONAL MEDICAL CENTER

Issue:

Based on interview and record review, the facility failed to prevent unauthorized disclosure of protected health information (PHI) for one patient (Patient 1) when his discharge paperwork was sent to a skilled nursing facility (SNF) with a different patient (Patient 2). This failed practice resulted in unauthorized persons having access to PHI for Patient 1, and the potential for physical, emotional, and financial harm.Findings:During an interview with the facility privacy officer (PO) on December 11, 2014, at 9 a.m., the PO stated Patient 2 was transferred to a SNF on October 15, 2014, upon discharge from the hospital. According to the PO, when Patient 2 arrived at the SNF, the paperwork that was sent with her included the discharge paperwork for Patient 1.The discharge paperwork for Patient 1, that was sent to the SNF with Patient 2, was reviewed on December 11, 2014. The paperwork contained the following PHI:1. Name;2. Medical record number;3. Account number;4. Date of birth;5. Date of admission;6. Medical Diagnoses;7. Medical history;8. Name of physician;9. Summary of hospital stay;10. Discharge disposition;11. Allergies;12. Diet;13. Level of activity;14. Medications (including information for the pharmacy where his prescriptions were faxed);15. Follow-up appointments; and,16. Follow-up labs to be done.Failure of the nurse discharging Patient 2 to verify the correct paperwork was being sent with her resulted in unauthorized disclosure of PHI for Patient 1.

Outcome:

Deficiency cited by the California Department of Public Health: Health & Safety Code 1280