COMMUNITY REGIONAL MEDICAL CENTER

Report ID: IK8E11, California Department of Public Health

Reported Entity: COMMUNITY REGIONAL MEDICAL CENTER

Issue:

Based on interview, clinical record and administrative document review, the hospital failed to protect patient confidential information when Patient 1's clinical record was given to Patient 2 in error. This failure caused the breach of Patient 1's protected health information (PHI) and possible unauthorized use.Findings:On 10/17/12 at 3:58 p.m., the department received a fax from the hospital that indicated RN 1 had given Patient 1's prescription sheet to Patient 2 in error. On 12/3/12 at 2:30 p.m., the Privacy Officer (PO) indicated RN 1 had given Patient 1's clinical record to Patient 2 in error on 10/11/12. The PO stated, "RN 1 gave Patient 1's prescription sheet to Patient 2 during the discharge process. Patient 2's family went to fill the prescription and realized the Prescription had someone else's name on it. Patient 2's family returned the prescription."The clinical record was reviewed on 2/3/13. The clinical record contained name, date of birth, medical record number, phone number, home address, and medications prescribed.The hospital policy and procedure titled "HIPAA General Rules for the Use and Disclosure of PHI" dated 4/18/12 indicated, "III. Policy: A. It is the policy of CMC (Community Medical Centers) to protect the privacy and security of patients information and to comply with applicable laws and regulations. III. Guidelines: B. CMC Privacy Policies and Procedures: 1. CMC and its workforce members must comply with ... state and federal laws and regulations."

Outcome:

Deficiency cited by the California Department of Public Health: Patients' Rights