CLOVIS COMMUNITY MEDICAL CENTER

Report ID: OWKL11, California Department of Public Health

Reported Entity: CLOVIS COMMUNITY MEDICAL CENTER

Issue:

Based on staff interview, facility and administrative document review the facility failed to keep Protected Health Information (PHI) confidential when:1. Patient 1's discharge instructions was mistakenly given to Patient 2.2. A prescription containing Patient 3's PHI was mistakenly given to Patient 4.This failure placed Patient 1 and Patient 3's PHI at a potential risk for unauthorized use.Findings:Refer to CA00294392 1. On 1/6/12 at 9:35 a.m., Staff 1 (Privacy Officer) stated on 12/21/11 the facility identified a possible privacy breach. The facility's internal investigation revealed Staff 2 (Registered Nurse) mistakenly gave Patient 1's discharge instructions to Patient 2. Staff 1 stated Staff 2 should have checked the patient's identification band to ensure the right patient was receiving the right documents.On 1/12/12 at 11:30 a.m., Staff 1 stated the discharge instructions contained Patient 1's name, date of service, medical record number, allergies and general care instructions.The facility policy and procedure number 12136, titled "HIPPA General Rules for the Use and Disclosure of PHI," dated 11/16/09, contained the following documentation: It is the policy of Community Medical Centers to protect the privacy and security of patient information and to comply with applicable laws and regulations. ...PHI includes any information received, created, or maintained by the facility in which the patient is or may reasonable be identified, regardless of whether the information is in oral, paper, or electronic form. ...Protecting the privacy of PHI means that PHI is used or disclosed only for authorized purposes...The facility may only use or disclose PHI if the patient has given a valid authorization.The facility policy and procedure number 12023 titled " Patient Identification, " dated 3/15/12, contained the following documentation: " The foundation of providing quality patient care is based on accurate patient identification. Employee interacting with patients is accountable for ensuring proper patient identification. " Refer to CA002943932. On 1/6/12 at 9:35 a.m., Staff 1 stated on 12/21/11 the facility identified a possible privacy breach. The facility's internal investigation revealed Staff 3 (Registered Nurse) mistakenly gave a Patient 4's a prescription that was labeled for Patient 3. Staff 1 stated Staff 3 should have checked the patient's identification band to ensure the right patient was receiving the right documents.On 1/12/12 at 11:30 a.m., Staff 1 stated the label on the prescription contained Patient 3's name, date of birth, date of service and medical record number.The facility policy and procedure number 12136, titled "HIPPA General Rules for the Use and Disclosure of PHI," dated 11/16/09, contained the following documentation: It is the policy of Community Medical Centers to protect the privacy and security of patient information and to comply with applicable laws and regulations. ...PHI includes any information received, created, or maintained by the facility in which the patient is or may reasonable be identified, regardless of whether the information is in oral, paper, or electronic form. ...Protecting the privacy of PHI means that PHI is used or disclosed only for authorized purposes...The facility may only use or disclose PHI if the patient has given a valid authorization.The facility policy and procedure number 12023 titled " Patient Identification, " dated 3/15/12, contained the following documentation: " The foundation of providing quality patient care is based on accurate patient identification. Employee interacting with patients is accountable for ensuring proper patient identification. "

Outcome:

Deficiency cited by the California Department of Public Health: Patients' Rights