RIVERSIDE COMMUNITY HOSPITAL

Report ID: 7IWL11, California Department of Public Health

Reported Entity: RIVERSIDE COMMUNITY HOSPITAL

Issue:

Based on interview and record review, the facility failed to ensure the PHI (protected health information) of Patient A remained confidential. On September 4, 2014, staff failed to verify a fax number prior to sending Patient A's documents via fax. This failure resulted in the unauthorized disclosure of Patient A's PHI to an unintended recipient in the community.Findings:An interview was conducted with the facility's Manager of HIPAA (Health Insurance Portability and Accountability Act), on September 11, 2014, at 1:45 p.m. The Manager stated information regarding Patient A's recent emergency room (ER) visit was sent via FAX, to the wrong FAX number (a Dental Office not involved in the patient's care), on September 4, 2014. The Manager stated facility staff failed to verify the FAX number prior to sending the document. The Manager stated the ER record included Patient A's name, date of birth, date of service, vital signs and medical history. A review of a copy of a letter sent to Patient A indicated, "we are writing to inform you of a recent disclosure of your protected health information to another patient that was done in error..." The letter indicated both demographic and clinical information was disclosed. A review of the facility's policy, "Safeguarding Protected Health Information (Effective Date: September 23, 2013)," was conducted. The policy indicated, "The facility must take reasonable steps to safeguard and protect PHI. When faxing PHI, workforce members should take appropriate safeguards:Verify the fax number before sending."

Outcome:

Deficiency cited by the California Department of Public Health: Health & Safety Code 1280