LOMA LINDA UNIVERSITY MEDICAL CENTER

Report ID: B3KZ11, California Department of Public Health

Reported Entity: LOMA LINDA UNIVERSITY MEDICAL CENTER

Issue:

Based on interview and record review, the facility failed to ensure the confidential treatment of Patient A's protected health information (PHI), when an employee at the clinic inadvertently mailed Patient A's after visit summary and clinical referrals to Patient B. This resulted in a breach of PHI for Patient A.Findings:On September 29, 2014 at 12:30 PM, a phone interview was conducted with the Office of Corporate Compliance regarding an entity reported incident of a breach of PHI for Patient A, on September 9, 2014. An employee mailed the wrong after visit summary report and clinical referrals to the wrong patient. The after visit summary letter was mailed in error to the incorrect patient with a similar name. The employee did not double check the name before mailing Patient A's documents to Patient B.A review of Patient A's documentation that was given to Patient B included Patient A's name, medical record Number, phone number, address, insurance provider, insurance group number, diagnosis, list of medications, and follow up instructions.A Review of the facility policy and procedure titled, "Protection of Patient Privacy," dated May 2013, indicated under section, "Written Information," Distributed lists and reports containing PHI, e.g. ADT list, census, medical record information, shall be delivered/distributed as follows: A. Only to authorized persons..."The failure of the employee to verify all documents belonging to the intended recipient, Patient A, resulted in the unauthorized release of Patient A's PHI to Patient B.

Outcome:

Deficiency cited by the California Department of Public Health: Patients' Rights