VALLEY CHILDREN'S HOSPITAL

Report ID: DV8J11.01, California Department of Public Health

Reported Entity: CHILDRENS HOSPITAL CENTRAL CALIFORNIA

Issue:

Based on staff interview, clinical record review, and administrative document review, the facility failed to ensure confidential treatment of protected health information (PHI) when:1. Patient 1's audiology report was faxed to the wrong insurance review company. (CA00384339)2. Patient 2's occupational therapy (OT) and physical therapy (PT) utilization review documents were faxed to an incorrect fax machine located at the county jail. (CA00383941).3. Patient 3's co-payment receipt was given to Patient 4. (CA00384326)4. Patient 5's prescription was given to Patient 6. (CA00384369)5. Patient 7's prescription was faxed to a title company's fax machine. (CA00386051)These failures placed Patient 1, 2, 3, 5, and 7's PHI at a potential for unauthorized use.Findings:CA003843391. On 3/21/14 at 10:20 a.m., during an interview, the Accreditation Coordinator (AC) stated the Clinical Audiologist (CA) faxed a hearing aid diagnostic report to an incorrect insurance review company. The AC stated the CA did not verify the correct button was pushed on the fax machine prior to sending the fax. The PHI disclosed included Patient 1's name, date of birth, medical record number, account number, date of service, diagnosis, clinical findings, and physician notes.The facility policy and procedure titled "Confidentiality" dated 8/11, indicated, "POLICY. It is the policy of [facility] to respect and protect the privacy rights of patients, their families, employees and third parties. All information that is deemed confidential by [facility] and/or by specific legal statutes shall be kept confidential...[facility] will maintain adequate administrative, technical and physical safeguards to protect the privacy of confidential information from unauthorized use or disclosure, whether intention or unintentional..."CA003839412. On 3/21/14, at 10:28 a.m., during an interview, the Accreditation Coordinator (AC) stated the Case Manager (CM) 1 input an incorrect fax number and faxed Patient 2's information to the county jail. CM 1 did not verify that the fax number was correct before sending the fax. Patient 2's PHI disclosed included name, date of birth, address, phone number, medical record number, account number, diagnosis, medical history, treatment, and discharge instructions. Also included in the PHI was the guarantor's name, address, telephone number, and social security number.The facility policy and procedure titled "Confidentiality" dated 8/11, indicated, "POLICY. It is the policy of [facility] to respect and protect the privacy rights of patients, their families, employees and third parties. All information that is deemed confidential by [facility] and/or by specific legal statutes shall be kept confidential...[facility] will maintain adequate administrative, technical and physical safeguards to protect the privacy of confidential information from unauthorized use or disclosure, whether intention or unintentional..." CA003843263. On 3/21/14, at 10:37 a.m., during an interview, the Accreditation Coordinator (AC) stated the Emergency Department Registrar (EDR) gave a co-payment receipt with Patient 3's PHI to a family member of Patient 4. The AC stated the EDR had multiple screens open on her computer at the same time and credited Patient 3's account with the payment made by Patient 4's family member. The AC stated the EDR did not check the name printed on the receipt and verify the name of the patient prior to giving the receipt to Patient 4's family member. Patient 3's PHI disclosed included Patient 3's name and account number.The facility policy and procedure titled "Confidentiality" dated 8/11, indicated, "POLICY. It is the policy of [facility] to respect and protect the privacy rights of patients, their families, employees and third parties. All information that is deemed confidential by [facility] and/or by specific legal statutes shall be kept confidential...[facility] will maintain adequate administrative, technical and physical safeguards to protect the privacy of confidential information from unauthorized use or disclosure, whether intention or unintentional..."CA003843694. On 3/21/14, at 10:41 a.m., the Accreditation Coordinator (AC) stated the Registered Nurse (RN) 2 gave a prescription for Patient 5 to Patient 6's family member. AC stated RN 2 did not verify all information on all papers given to Patient 6's family member. Patient 5's PHI disclosed included Patient 5's name, medical record number, and medications ordered.The facility policy and procedure titled "Confidentiality" dated 8/11, indicated, "POLICY. It is the policy of [facility] to respect and protect the privacy rights of patients, their families, employees and third parties. All information that is deemed confidential by [facility] and/or by specific legal statutes shall be kept confidential...[facility] will maintain adequate administrative, technical and physical safeguards to protect the privacy of confidential information from unauthorized use or disclosure, whether intention or unintentional..." CA003860515. On 3/21/14 at 10:47 a.m., during an interview, the Accreditation Coordinator (AC) stated Case Manager (CM) 2 faxed Patient 7's PHI to an incorrect fax machine located at a real estate title company. The AC stated CM 2 did not verify the fax number prior to sending the fax. Patient 7's PHI disclosed included Patient 7's name, medical record number, and diagnosis.The facility policy and procedure titled "Confidentiality" dated 8/11, indicated, "POLICY. It is the policy of [facility] to respect and protect the privacy rights of patients, their families, employees and third parties. All information that is deemed confidential by [facility] and/or by specific legal statutes shall be kept confidential...[facility] will maintain adequate administrative, technical and physical safeguards to protect the privacy of confidential information from unauthorized use or disclosure, whether intention or unintentional..."

Outcome:

Deficiency cited by the California Department of Public Health: Patients' Rights

Related Reports:

1 other violation reported on the same date. Note that other citations may be about the same event: 9V5011.01