CLOVIS COMMUNITY MEDICAL CENTER

Report ID: L21M11, California Department of Public Health

Reported Entity: CLOVIS COMMUNITY MEDICAL CENTER

Issue:

Based on staff interview, facility and administrative document review the facility failed to keep Protected Health Information (PHI) confidential when Patient 1's prescription was mistakenly given to Patient 2.This failure placed Patient 1 ' s PHI at a potential risk for unauthorized use.Findings:On 5/15/12 at 10:15 a.m., Staff 1 (Privacy Officer) stated on 4/30/12 the facility became aware of a possible privacy breach. The facility's internal investigation revealed on 4/26/12 Staff 2 (Registered Nurse) mistakenly gave Patient 1's prescription to Patient 2. Staff 1 stated it was Staff 2's responsibility to check the patient's identification band to ensure the right patient was receiving the right document.On 5/15/12 at 10:22 a.m., Staff 1 stated the prescription contained Patient 1's name, date of birth, medical record number, address, phone number and medication prescribed.On 5/15/12 at 4:50 p.m., the facility policy and procedure number 12136, titled "HIPPA General Rules for the Use and Disclosure of PHI," dated 11/16/09, contained the following documentation: "It is the policy of Community Medical Centers to protect the privacy and security of patient information and to comply with applicable laws and regulations. ...PHI includes any information received, created, or maintained by the facility in which the patient is or may reasonable be identified, regardless of whether the information is in oral, paper, or electronic form. ...Protecting the privacy of PHI means that PHI is used or disclosed only for authorized purposes...The facility may only use or disclose PHI if the patient has given a valid authorization."

Outcome:

Deficiency cited by the California Department of Public Health: Patients' Rights