ST BERNARDINE MEDICAL CENTER

Report ID: OEXH11, California Department of Public Health

Reported Entity: ST BERNARDINE MEDICAL CENTER

Issue:

Based on interview and record review, the facility failed to ensure the confidential treatment of protected health information (PHI) for Patient A, when a Case Manager faxed documentation containing Patient A's PHI to the wrong recipient. This failure resulted in an unauthorized release of the patient's information.Finding:On October 24, 2014 at 12:10 PM, a phone interview was conducted with the Director of Case Management regarding an entity reported incident of a breach of PHI for Patient A which was detected on September 19, 2014. The Director of Case Management stated; "The employee inadvertently faxed the patient's protected health information (PHI) to the wrong recipient. The documents were faxed to Medical Group 1 instead of Medical Group 2. We immediately communicated with Medical Group 1 and they confirmed that they shredded the documents that they received in error."During a review of the documentation faxed to the wrong recipient, the documentation contained patient's name, date of birth, date of service, medical record number, and medical treatments.A review of the facility policy and procedure titled, "Patient Privacy: 110.049 Safeguarding Faxes and U.S Mail: Always verify the recipient's fax number before sending (including preprogrammed number)." Policy not dated.The failure of the employee to ensure that the fax number was correct before faxing the medical records resulted in the unauthorized release of Patient's PHI to an unintended third party.

Outcome:

Deficiency cited by the California Department of Public Health: Patients' Rights