COMMUNITY REGIONAL MEDICAL CENTER

Report ID: IZ2G11, California Department of Public Health

Reported Entity: COMMUNITY REGIONAL MEDICAL CENTER

Issue:

Based on interview, clinical record and administrative document review, the hospital failed to protect patient confidential information when Patient 1's clinical record was mailed to Patient 2 in error. This failure caused the breach of Patient 1's protected health information (PHI) and possible unauthorized use.Findings:On 8/3/12 at 8:15 a.m., the department received a fax from the hospital that indicated Patient 1's insurance claims information was sent to Patient 2 in error. On 9/10/12 at 3:40 p.m., the Privacy Officer (PO) indicated Patient 1's insurance claims record to was mailed to Patient 2 in error. The PO stated, "Patient 1's billing information was attached to Patient 2's billing information and mailed to Patient 2's home address. Patient 2's mother opened the mailed and found Patient 1's clinical record attached to her Patient 2's record. Patient 2's mother reported to the billing department. The clinical record was retrieved."The clinical record was reviewed on 1/24/14. The clinical record contained name, date of birth, medical record number, account number, address, phone number, social security number and admission information.The hospital policy and procedure titled "HIPAA General Rules for the Use and Disclosure of PHI" dated 4/18/12 indicated, "III: A. It is the policy of CMC (Community Medical Centers) to protect the privacy and security of patients information and to comply with applicable laws and regulations. III Guidelines: B. CMC Privacy Policies and Procedures: 1. CMC and its workforce members must comply with ... state and federal laws and regulations."

Outcome:

Deficiency cited by the California Department of Public Health: Patients' Rights