SAN ANTONIO REGIONAL HOSPITAL

Report ID: UCS511, California Department of Public Health

Reported Entity: SAN ANTONIO REGIONAL HOSPITAL

Issue:

Based on interview and record review, the facility failed to ensure the confidential treatment of protected health information (PHI) for Patient A when Patient B received a Transfer of Care Summary for Patient A upon discharge, resulting in a breach of Patient A's PHI. Findings:A phone interview was conducted with the Director of Operations, Nursing Administration (DONA) on November 03, 2014 at 3:53 PM, to investigate an entity reported incident of a breach of PHI for Patient A. The DONA stated, "During discharge from the hospital Patient B was given the wrong packet of information containing Patient A's Transfer of Care Summary, which was in an envelope to go to Patient B's primary care physician. Patient A was information that a breach of PHI occurred." A review of Patient A's Transfer of Care Summary, reflected the PHI disclosed included the patient's name, date of birth, home address, phone number, diagnosis, medication list, lab test results and a general summary of care that Patient A received during the hospital stay. According to the DONA in the investigation summary, Patient B returned the entire packet and assured the hospital there was no other documentation in their possession. The facilities policy and procedure titles, "Identification, Patient", dated July 2011, indicated I. All personnel will follow guidelines to improve the accuracy of the patients identification used when providing paperwork that has PHI. II. When entering the patients room or treatment area, the employee will check the patient ID wrist band. III. The employee will check to ensure the two patients identifiers, patient's name and account number are correct. The facility's failure to follow their policy and procedures resulted in the unauthorized access of Patients A's PHI by Patient B.

Outcome:

Deficiency cited by the California Department of Public Health: Patients' Rights