SAN ANTONIO REGIONAL HOSPITAL

Report ID: SQ9N11.01, California Department of Public Health

Reported Entity: SAN ANTONIO COMMUNITY HOSPITAL

Issue:

Based on interview and record review, the facility failed to ensure the confidential treatment of Patient B's protected health information (PHI), when a Hospital Billing Department staff member (Employee 1) mistakenly placed Patient A's name and address on Patient B's billing statement. Patient A and Patient B have the same name and are related. This resulted in a breach of PHI for Patient B.Finding:On August 6, 2014 at 3:15 PM, a phone interview was conducted with the Director of Nursing Operations (DNO) regarding an entity reported incident of a breach of PHI for Patient B, on August 2, 2013. Patient B's billing statement was placed in an envelope addressed to Patient A and mailed to Patient A. The DNO stated, "Name alerts are used in instances like these, they are supposed to be checked by three identifiers, date of birth, Social Security number and name before being sent, this was not done."During a review of the documentation that had been mailed to Patient A, the documents included, Patient B's billing statement which contained Patient B's name, home address, statement number, account number and account balance.A review of the facility policy and procedure titled, "Confidentiality, Protecting Confidential Information," dated July, 2011, indicated, "Confidential information must be protected from unauthorized uses, disclosures....account numbers...must be protected to prevent financial fraud and identity theft."The failure of Employee 1 to ensure the name and address were verified before mailing, resulted in the unauthorized release of Patient B's PHI to Patient A.

Outcome:

Deficiency cited by the California Department of Public Health: Patients' Rights

Related Reports:

2 other violations reported on the same date. Note that other citations may be about the same event: CWQX11.01, RJOT11.01