VALLEY CHILDREN'S HOSPITAL

Report ID: NGEZ11.01, California Department of Public Health

Reported Entity: CHILDRENS HOSPITAL CENTRAL CALIFORNIA

Issue:

Based on staff interview, clinical record and administrative document review, the facility failed keep Protected Health Information(PHI)confidential when Patient 1's PHI was inadvertently faxed by the Case Manager to a nonaffiliated Home Health Agency rather than the intended Insurance Company.This failure placed Patient 1's PHI at risk for unauthorized use.Findings: On 10/1/2012, Staff 1 (Regulatory Compliance Manager) stated on 9/18/2012, the Case Manager faxed her Utilization Review report to a Home Health Agency instead of the intended Insurance Company. She realized her mistake after she pushed the fax button. The Home Health Agency was notified immediately they shredded the records. Patient 1's PHI breached included Patient name, date of birth, medical record number, date admitted, physicians name, sex, account number, Patient status, date of service, diagnoses, maternal medical history, patients medical history and physical on date of service.The hospital's Policy and Procedure (PR-1033) titled "PHI, Use and Disclosure", dated 12/13, indicated "[Hospital] and its employees are committed to protect the privacy of patient's health information and to comply with applicable federal and state laws that protect the privacy and security of patient's health information". The Hospital policy and procedure (PR-1016) titled: "Confidentiality", dated 8/11, indicated "[Hospital] will maintain adequate administrative technical and physical safeguards to protect the privacy and confidential information from unauthorized use or disclosure, whether intentional or unintentional".

Outcome:

Deficiency cited by the California Department of Public Health: Patients' Rights

Related Reports:

1 other violation reported on the same date. Note that other citations may be about the same event: 2C3X11.01