CORONA REGIONAL MEDICAL CENTER

Report ID: W2XG11.01, California Department of Public Health

Reported Entity: CORONA REGIONAL MEDICAL CENTER

Issue:

Based on interview and document review, the facility failed to ensure their (PHI) Protected Health Information was not disclosed to any entity not authorized to receive the information. This failed practice resulted in unauthorized access to Patient A's demographic information.Findings:On January 25, 2013, a visit was made to the facility to investigate a self-reported breach of PHI (protected health information). An interview was conducted with the facility's Director of Health Information Management (DHIM), on January 25, 2013, at 12:45 p.m. The DHIM stated the breach occurred on November 23, 2011. The DHIM stated the breached occurred in the Emergency Department. After Patient B was discharged home, Patient B noticed that his discharge medical records contained another person's name and information. The DHIM stated the employee placed the wrong label, that contained Patient A's information on Patient B's discharge records.The facility's policy and procedures titled, "Information Management," was reviewed. The policy indicated the hospital was, "Committed to make reasonable efforts to protect the privacy of patient's health information, and to comply with all applicable federal and state laws that protect the privacy and security of patient health information..." The facility failed to ensure Patient A's Protected Health Information was not disclosed to any entity not authorized to receive the information.

Outcome:

Deficiency cited by the California Department of Public Health: Health & Safety Code 1280

Related Reports:

2 other violations reported on the same date. Note that other citations may be about the same event: 8Z5211.01, GZIE11.01