RIVERSIDE COMMUNITY HOSPITAL

Report ID: D0H711, California Department of Public Health

Reported Entity: RIVERSIDE COMMUNITY HOSPITAL

Issue:

Based on interview and record review, the facility failed to prevent unauthorized disclosure of PHI when one ED patient (Patient 1) was DC'd home with lab results from a different patient (Patient 2) attached to her DC instructions. This failed practice resulted in unauthorized person(s) having access to the PHI of Patient 2, and the potential for his physical, emotional, and financial harm.Findings:During an interview with the facility PO on October 14, 2013, at 11 a.m., the PO stated on October 1, 2013, Patient 1 was DC'd home from the ED with the lab results for Patient 2 attached to her DC instructions. The PO stated the facility became aware of the incident on October 2, 2013, when Patient 2 realized she had lab results for a different person, and returned them to the facility.The lab results for Patient 2 that were sent home with Patient 1 were reviewed on October 14, 2013. The results included the following PHI:1. Name;2. Age;3. Sex;4. DOB;5. MRN;6. Account #;7. Date of service; and,8. Lab results indicative of specific disease processes.The facility policy titled, "Safeguarding Protected Health Information," was reviewed on October 14, 2013. The policy indicated the following:a. The facility must take reasonable steps to safeguard and protect PHI;b. The facility must ensure that reasonable safeguards are in place to protect paper documents containing PHI; and,c. The facility must have a process in place to verify documents are for the correct patient prior to providing the documents to the recipient (e.g. verifying recipient and content prior to giving DC papers to an individual).The ED nurse did not take steps to ensure correct documents were given to Patient 1 on discharge, resulting in disclosure of PHI for Patient 2 to unauthorized persons.

Outcome:

Deficiency cited by the California Department of Public Health: Health & Safety Code 1280