HIPAA Helper »
MENIFEE VALLEY MEDICAL CENTER »
Sep 9, 2013

This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.

MENIFEE VALLEY MEDICAL CENTER

28400 MCCALL B0ULEVARD SUN CITY,CA 92585

Cited by the California Department of Public Health for violations of California’s Health and Safety Code relating to medical privacy during an inspection that began on September 9, 2013. Also cited in 14 other reports.

Report ID: 3VH211.02, California Department of Public Health

Reported Entity: MENIFEE VALLEY MEDICAL CENTER

Issue:

Based on interview and record review, the facility failed to report unauthorized disclosure of PHI to the Department within five business days when RN 1 provided DC instructions to Patient 1 that contained a patient identification label for Patient 2. This failed practice resulted in the potential for a delay in investigating the unauthorized disclosure and the potential for physical, emotional, and financial harm to Patient 2.Findings:During an interview with the HIM Director on September 9, 2013, at 10:15 a.m., the director stated RN 1 was discharging patients home from the hospital on January 23, 2012, and she placed a label for Patient 2 onto the DC instructions for Patient 1. The director stated Patient 1 was sent home with his DC instruction papers the contained Patient 2's label.The patient identification label was reviewed on September 9, 2013. The label included the following PHI:1. Name;2. DOB;3. Sex;4. Age;5. MRN;6. Account number;7. Admission date; and,8. Physician's name.During the interview with the director, the director stated the CN and RN 1 were aware of the unauthorized disclosure on January 23, 2012, but it was not reported to HIM until January 27, 2012 (four days later). She stated the unauthorized disclosure was reported to the Department on February 1, 2012 (seven business days after the unauthorized disclosure was identified).The report of unauthorized disclosure was reviewed on September 9, 2013. The report was dated February 1, 2012, and faxed to the Department on that date.The facility policy titled, "Breach of PHI - Notification Requirements," was reviewed on September 10, 2013. The policy indicated the following:1. Any hospital workforce member shall report any unauthorized disclosure of a patient's medical information to the PO;2. The hospital shall report in writing any unauthorized disclosure of a patient's medical information to the CDPH no later than five business days after the unauthorized disclosure has been detected by the hospital.

Outcome:

Deficiency cited by the California Department of Public Health: Health & Safety Code 1280

Related Reports:

The report containing this deficiency also includes information about 2 other violations. Note that these may be related to the same event: 3VH211.01, 3VH211.03

1 other violation reported on the same date. Note that other citations may be about the same event: LPWR11.01

Do you believe your privacy has been violated? Here’s what you can do: