KAISER FOUNDATION HOSPITAL - RIVERSIDE

Report ID: HQJU11, California Department of Public Health

Reported Entity: KAISER FOUNDATION HOSPITAL, RIVERSIDE

Issue:

Based on interview and record review, the facility failed to ensure the PHI (protected health information) of Patient B remained confidential. This failure resulted in the unauthorized disclosure of Patient B's PHI to an unintended recipient.Findings:An interview was conducted with the facility's Compliance Project Manager (CPM) on July 7, 2014, at 1:20 p.m. The stated Patients A and B were both in the Gastrointestinal Laboratory on June 18, 2014, having procedures. Patient A subsequently contacted member services on June 20, 2014, to tell them she received an "after visit summary" that belonged to Patient B. The CPM further stated the facility does not supply an "after visit summary" to patients so the facility was unable to verify what exactly was given to Patient A. On July 2, 2014, after multiple attempts to speak with Patient A, the GI Lab Director spoke with Patient A and was told that it was a document regarding Patient B's procedure. The breach was then reported to the Department on July 3, 2014.A review of Patient B's PHI which was given to Patient A was conducted. The PHI reflected Patient B's name, address, medical record number, date of birth, diagnosis and the name of the procedure.A review of the facility policy, "Protected Health Information: Process For Distributing Documents (Effective Date 4/2014)." The policy indicated, "To ensure patient confidentiality and protect the organization by confirming that document containing Protected Health Information (PHI) are given to the correct member or caregiver...Ask the Member...to state their name...Review documents with the member or caregiver."

Outcome:

Deficiency cited by the California Department of Public Health: Health & Safety Code 1280