CLOVIS COMMUNITY MEDICAL CENTER

Report ID: G9TQ11, California Department of Public Health

Reported Entity: CLOVIS COMMUNITY MEDICAL CENTER

Issue:

Based on interview, clinical record and administrative document review, the hospital failed to protect patient confidential information when Patient 1's clinical record was given to Patient 2 in error. This failure caused the breach of Patient 1's protected health information (PHI) and possible unauthorized use.Findings:On 10/12/12 at 11:54 a.m., the department received a fax from the hospital that indicated RN 1 had given Patient 1's discharge instructions to Patient 2 in error. On 12/3/12 at 2: 19 p.m., the Privacy Officer (PO) indicated RN 1 had given Patient 1's clinical record to Patient 2 in error on 10/10/12. The PO stated, "RN 1 inadvertently gave Patient 1's discharge papers to Patient 2 during the discharge process. When Patient 2 got home she realized the document had someone else's name on it. Patient 2 called the floor and was asked to destroy the document."The clinical record was reviewed on 2/3/13. The clinical record contained name, date of birth, medical record number, account number, and list of medications that caused allergic reaction and the type of reaction.The hospital policy and procedure titled "HIPAA General Rules for the Use and Disclosure of PHI" dated 4/18/12 indicated, "III: A. It is the policy of CMC (Community Medical Centers) to protect the privacy and security of patients information and to comply with applicable laws and regulations. III Guidelines: B. CMC Privacy Policies and Procedures: 1. CMC and its workforce members must comply with ... state and federal laws and regulations."

Outcome:

Deficiency cited by the California Department of Public Health: Patients' Rights