RIVERSIDE COUNTY REGIONAL MEDICAL CENTER

Report ID: GXJO11, California Department of Public Health

Reported Entity: RIVERSIDE COUNTY REGIONAL MEDICAL CENTER

Issue:

Based on interview and record review, the facility failed to prevent the unauthorized disclosure of Protected Health Information (PHI) for one patient, Patient A, when document labeled with Patient A's medical information was provided to Patient B. This failed practice had the potential to result in the misuse of Patient A's PHI. Findings:On June 18, 2014, at 8:50 a.m., a phone investigation was conducted for an entity reported incident investigation. In a concurrent interview with the Administrative Services Officer (AS0), the ASO stated the facility was informed that a document labeled with Patient A's PHI was given to Patient B. The document provided to Patient B titled "ER (Emergency Room) Referral Request Form" dated June 4, 2014, was reviewed. The document contained Patient A's name and medical record number.The ASO stated the facility's policy and procedure regarding the use of two patient identifiers and a "Stop" procedure(nurses stop and verify the document contained the correct information) prior to the release of documents, was not followed.The facility policy and procedure titled "Patient Identification" dated May 23, 2012, indicated "Use at least two patient identifiers when providing care, treatment, or other services..."The facility policy and procedure titled "Patient Privacy: HIPPA" dated August 27, 2013, indicated "Maintain the highest level of confidentiality for all protected health information...Protected Health Information (PHI) is defined as verbal, written, or electronic information...Such as name..medical record number...information about the patient's medical condition..diagnostics, testing, treatment..."

Outcome:

Deficiency cited by the California Department of Public Health: Health & Safety Code 1280