SAN ANTONIO REGIONAL HOSPITAL

Report ID: NTDI11.01, California Department of Public Health

Reported Entity: SAN ANTONIO REGIONAL HOSPITAL

Issue:

Based on interview and record review, the facility failed to ensure the confidential treatment of protected health information (PHI) for Patient A, when a Radiology clerk (Employee 1) mailed a radiology report containing Patient A's PHI to Patient B. This failure resulted in an unauthorized release of PHI for Patient A.Finding:On August 14, 2014 at 9:20 AM, a phone interview was conducted with the Director of Nursing Operations (DNO) regarding an entity reported incident of a breach of PHI for Patient A. The DNO stated, "The employee was putting together reports when she inadvertently attached two reports of two different patients, Patient A and B together and mailed them to Patient B." The DNO further stated, "Two identifiers are to be used to check every page in a packet before mailing." During a review of the radiology report dated May 5, 2009, mailed to Patient B, the report contained Patient A's name, date of birth, visit number, x-ray number and transcribed radiology report.A review of the facility policy and procedure titled, "Confidentiality, Protecting Confidential Information," dated July, 2011, indicated, "Confidential information must be protected from unauthorized uses; disclosures....must be protected to prevent financial fraud and identity theft."The failure of Employee 1 to verify all pages of the report belonged to the intended recipient, Patient B, resulted in the unauthorized release of Patient A's PHI to Patient B.

Outcome:

Deficiency cited by the California Department of Public Health: Patients' Rights

Related Reports:

1 other violation reported on the same date. Note that other citations may be about the same event: 0NYU11.01