SAN ANTONIO REGIONAL HOSPITAL

Report ID: 83LV11, California Department of Public Health

Reported Entity: SAN ANTONIO REGIONAL HOSPITAL

Issue:

Based on interview and record review, the facility failed to maintain confidentiality of protected health information (PHI) for Patient A, when his laboratory results were faxed to the wrong recipient, resulting in a breach of his privacy.Findings:On 1/19/12 at 9:30 AM, an unannounced visit was made to the facility to investigate a entity reported incident that occurred on 6/22/11. During an interview with the privacy officer at 9:45 AM, he reported that a laboratory personnel had faxed Patient A's lab oratory results to the wrong number. The results were to be faxed to a physician's office but were inadvertently sent to an outside medical technical company who caught the error. A review of the phone numbers for the two entities indicated that they were the same with the exception of the last digit.A review of the Confidentiality statement and subsequent training for the employee who made the error reflected that she had received the required training.A review of the facility policy an d procedure titled\,"Faxing Information", dated 7/09, indicated , "Sensitive information (such as tests or other patient information) protected by stricter regulations will be sent by another route, e.g. U.S. mail..." The policy further indicated that if the number to be used for faxing was a frequently used one that was per-programmed in to the fax machine, the managers and users "should periodically verify preprogrammed fax numbers".The privacy officer reviewed the documents sent containing Patient A's PHI and confirmed that a breach had occurred.

Outcome:

Deficiency cited by the California Department of Public Health: Patients' Rights