COMMUNITY REGIONAL MEDICAL CENTER

Report ID: 1K9Z11, California Department of Public Health

Reported Entity: COMMUNITY REGIONAL MEDICAL CENTER

Issue:

Based on staff interview and administrative document review, the hospital failed to keep Protected Health Information (PHI) confidential when:1. Patient 1's medical information was faxed to an unauthorized recipient. (refer to CA00359255)2. Patient 1's home medication was given to another patient on discharge. (refer to CA00379569)These failures resulted in the unauthorized disclosure of Patient 1 and 2's PHI and the potential for abuse of that information.Findings: Refer to CA00359255 1. On 2/21/14 at 11:00 a.m., during an interview the Privacy Officer(PO) stated that a staff member inadvertently faxed Patient's 1 Imaging results to a Home Health Agency. The fax was intended for Patient's 1 physician. Patient 1's PHI breached included name, date of birth, medical record number, medical history, results of the swallow study, and treatment recommendations.The Hospital's Policy and Procedure titled "HIPAA General Rules for the Use and Disclosure of PHI", dated 4/18/12, indicated "III. Policy A. It is the policy of [hospital] to protect the privacy and security of patient information and to comply with applicable laws and regulations."Refer to CA003795692. On 2/21/14 at 9:30 a.m., during an interview, the Privacy Officer (PO) stated Patient 2's home medication was given to another patient during the discharge process. Patient 2's PHI breached included name and name of the medication.The Hospital's Policy and Procedure titled "HIPAA General Rules for the Use and Disclosure of PHI", dated 4/18/12, indicated "III. Policy A. It is the policy of [hospital] to protect the privacy and security of patient information and to comply with applicable laws and regulations."

Outcome:

Deficiency cited by the California Department of Public Health: Patients' Rights