HEMET VALLEY MEDICAL CENTER

Report ID: C9Q911, California Department of Public Health

Reported Entity: HEMET VALLEY MEDICAL CENTER

Issue:

Based on interview and record review, the facility failed to prevent for one patient (Patient A) the unauthorized disclosure of Protected Health Information (PHI). This failure had the potential for the misuse of Patient A's private/medical information.Findings:During an interview with the Privacy Officer (PO), on April 13, 2015, at 11:30 a.m., the PO stated on March 3, 2015, the facility was informed by an outside service that they received a document containing PHI for Patient A.The PO stated during the process of sending a device to the outside service, the document containing the PHI for Patient A was included with the device and sent to the outside service.The PO stated the staff responsible for the breach, should have double checked the contents of the package prior to sending the package to the outside service.A review of the document sent to the outside service was conducted. The document contained the following information:Patient A's name,Patient A's date of birth,Patient A's social security number,Patient A's home address and phone number,Patient A's medical record number,Patient A's insurance information, and the name of the medical service Patient A was referred to.The facility policy and procedure titled "Breach of PHI" revised January 2015, indicated "Unlawful or unauthorized access means the inappropriate access, review, or viewing of patient medical information without a direct need..."The policy further indicated "Medical information means any individually identifiable information...Individually Identifiable means that the medical information included's or contains any element of personal identifying information sufficient to allow the identification of the individual, such as patient's name, address,telephone number, social security number..."

Outcome:

Deficiency cited by the California Department of Public Health: Health & Safety Code 1280