Mercy Medical Center

Report ID: 3XXN11, California Department of Public Health

Reported Entity: MERCY MEDICAL CENTER

Issue:

Based on staff interview, facility and administrative document review the facility failed to keep Protected Health Information (PHI) confidential when:1. Patient 1 ' s discharge instructions were mistakenly given to Patient 2.2. Patient 2 ' s discharge instructions were mistakenly given to Patient 1.These failures placed Patient 1 and Patient 2 ' s PHI at potential risk for unauthorized use.Findings: 1. On 9/11/12 at 10:30 am, during an interview, Staff 1 ( Privacy Officer) stated on 8/30/12, during the discharge process, Patient 1's discharge instructions were mistakenly given to Patient 2. Patient 1's discharge instructions contained Patient 1's name, date of birth, date of service, account number, attending physician, diagnosis and medication prescribed.2. On 9/11/12 at 10:30 am, during an interview, Staff 1 ( Privacy Officer) stated on 8/30/12, during the discharge process, Patient 2's discharge instruction's were mistakenly given to Patient 1. Staff 1 stated it was the staffs responsibility to check patients identification band to ensure the right patient received the right documents. Patient 2's discharge instructions contained Patient 2's name, date of birth, date of service, account number, attending physician, diagnosis and medication prescribed.The facility policy and procedure number IM-312, titled "Information Management", dated 12/09, indicated "In it the policy of [Hospital], to comply with state and federal regulations regarding the safeguarding of physical and electronic form of Protected Health Information (PHI). ...When providing copies of PHI to a patient, staff will stamp or mark the copies as "PROVIDED TO PATIENT".

Outcome:

Deficiency cited by the California Department of Public Health: Patients' Rights