Ukiah Valley Medical Center

Report ID: LT1M11, California Department of Public Health

Reported Entity: UKIAH VALLEY MEDICAL CENTER/HOSPITAL D

Issue:

Based on interview and record review, the facility failed to prevent unauthorized access and disclosure of a patient's (Patient 1) medical information, when Patient 1's demographic label was placed on Patient 2's transfer form. This failure allowed the unlawful or unauthorized access to Patient 1's medical information. Findings: The California Department of Public Health was notified on 9/12/13 that a, "Breach of Protected Health Information (PHI)," occurred on 9/7/13.During an interview on 9/13/13 at 9:15 a.m., Administrative Staff A stated that, on 9/9/13, she was notified by Administrative Staff B that Patient 2's family contacted Licensed Staff D, on 9/7/13, to let the facility know that Patient 2's transfer form had Patient 1's demographic label on it, instead of Patient 2's demographic label. Licensed Staff D notified her supervisor, Licensed Staff C, who subsequently notified Administrative Staff B.The demographic label consisted of Patient 1's name, room number, gender, age, date of birth, caregiver, facility account number, facility medical record number, and admission date.Administrative Staff A also stated that the breach occurred on 9/7/13, when Patient 2's Physician grabbed Patient 1's demographic label and placed it on Patient 2's transfer form, in error, without verifying that he had the right demographic label for the right patient.A review of the facility Policy and Procedure for, "PATIENT RIGHTS RELATED TO PROTECTED HEALTH INFORMATION" (9/2/05), revealed the following: "POLICY SUMMARY/INTENT: The facility is committed to protecting the privacy and security of PHI."The Department verified that Patient 1 was informed of the breach, by mail, on 9/12/13, within the required timeframe's.

Outcome:

Deficiency cited by the California Department of Public Health: Health & Safety Code 1280