VALLEY CHILDREN'S HOSPITAL

Report ID: WLSM11, California Department of Public Health

Reported Entity: CHILDRENS HOSPITAL CENTRAL CALIFORNIA

Issue:

Based on staff interview, clinical record and administrative document review, the hospital failed to keep Protected Health Information (PHI) confidential when staff called the wrong number and left a voice message for a referral. This failure placed Patient 1's PHI at a potential risk for unauthorized use.Findings:On 8/8/12 at 12:30 p.m., during an interview, the Privacy Officer (PO) confirmed on 7/9/12, Patient 1's PHI had been breached when a social worker called the wrong number and left a message about an MRI (magnetic resonance imaging - a type of medical imaging) for Patient 1 on an answering machine. This error was discovered on 7/11/12, when the receiver of the message phoned the hospital and reported receiving the message in error. The breach was reported to the department on 718/12.Patient 1's PHI which was breached included the following: Name, appointment time for an MRI, and the physician.The facility policy and procedure number PR-1033, titled "PHI, Use and Disclosure" contained the following documentation: "...[Hospital's name] and its employees are committed to protect the privacy of patients' health information and to comply with applicable federal and state laws that protect the privacy and security of patients' health information." The facility policy and procedure number PR-1016, titled "Confidentiality" contained the following documentation: "...[Hospital's name] will maintain adequate administrative, technical and physical safeguards to protect the privacy of confidential information from unauthorized use or disclosure, whether intentional or unintentional."

Outcome:

Deficiency cited by the California Department of Public Health: Patients' Rights