MENIFEE VALLEY MEDICAL CENTER

Report ID: L0VY11, California Department of Public Health

Reported Entity: MENIFEE VALLEY MEDICAL CENTER

Issue:

Based on interview and document review, the facility failed for one patient (Patient A), to ensure that (PHI) Protected Health Information was not disclosed to any entity not authorized to receive the information. This failed practice resulted in unauthorized access to Patient A's demographic information.Findings:On August 5, 2013, at 9:30 a.m., unannounced visit was made to the facility to investigate a breach of PHI. An interview was conducted with the Information Privacy Officer on August 5, 2013, at 9:45 a.m. The Information Privacy Officer stated on July 1, 2013, discharge instructions were given to Patient B with Patient A's demographic information. The charge nurse printed Patient B's discharge information and handed it to RN 1 without verifying that the information on the form was correct for Patient B. RN 1 gave the instructions to Patient B without verifying that the information, including the patient's name and demographic information was accurate. RN 1 gave Patient B discharge instructions with Patient A's demographic information, including Patient A's name, date of birth, medical record number and physician's name. The facility's Emergency Department's policy and procedure titled, "Discharged Instructions," was reviewed. The policy did not address the procedure to ensure the correct information was given to the correct patient. The policy did not address procedures to prevent breaches and incidents of unauthorized access to Patients' medical records and demographic information.The hospital failed to ensure ER staff followed procedures and gave discharge instructions with accurate information to the patients at discharged. As a result, Patient A's demographic information was breached, and exposed to unauthorized access of private information.

Outcome:

Deficiency cited by the California Department of Public Health: Health & Safety Code 1280