RIVERSIDE COMMUNITY HOSPITAL

Report ID: LS0411, California Department of Public Health

Reported Entity: RIVERSIDE COMMUNITY HOSPITAL

Issue:

Based on interview and record review, the facility failed to ensure staff did not disclose Patient A's Protected Health Information (PHI) to an unauthorized recipient. This resulted in the unauthorized disclosure of Patient A's PHI which created the potential for unauthorized use.Findings:On May 29, 2014, at 3:15 p.m., the facility Privacy Manager (PM) was interviewed. The PM stated on May 12, 2014, Patient B's family notified the facility that a document with Patient A's label was found with Patient B's hospital paperwork. The PM stated the label included Patient A's name, date of birth, room number, physician's name, medical record and account number.A copy of the letter sent to Patient A was reviewed on May 29, 2014. The letter indicated: "We are writing to inform you of a recent disclosure of your protected health information to another patient ...An investigation has been conducted by the Facility Privacy Official and it has been noted that your personal information list below was disclosed: Demographic information."The facility policy titled,"Safeguarding Protected Health Information," with an effective date of November 1, 2011, was reviewed. The policy indicated: "Purpose: to facilitate compliance...To establish guidelines for protecting and safeguarding protected health information... The facility must take reasonable steps to safeguard and protect PHI...Paper Documents Containing PHI...Facilities must have a process in place to verify documents are for the correct patient prior to providing the document to the recipient..."

Outcome:

Deficiency cited by the California Department of Public Health: Health & Safety Code 1280