RIVERSIDE COMMUNITY HOSPITAL

Report ID: ME9211, California Department of Public Health

Reported Entity: RIVERSIDE COMMUNITY HOSPITAL

Issue:

Based on interview and record review, the facility failed to ensure the Protected Health Information (PHI) of Patient A remained confidential. This failure resulted in the unauthorized disclosure of Patient A's PHI to Patient B.Findings:An interview was conducted with the facility's Privacy Manager (PM) on April 27, 2015, at 12:30 p.m. The PM stated discharge packets are given to all patients upon discharge. The PM stated a Registered Nurse gave Patient B Patient A's discharge packet on April 9, 2015. The event was subsequently reported to the Department on April 22, 2015.The PM stated the discharge procedure is, the Registered Nurse is to double check each page of the discharge packet to ensure it is the correct packet for the correct patient. The charge nurse then double checks the packet to also verify it is being given to the correct patient. The PM further stated the Registered Nurse did not follow the correct procedure in order to verify the correct patient received the correct discharge packet.A review of Patient A's PHI which was given to Patient B was conducted. The PHI reflected Patient A's name, date of birth, medical record and account numbers, a list of the patients prescriptions, the results of a medical procedure with accompanying pictures of the procedure.A review of the facility policy, "Safeguarding Protected Health Information (Effective Date: September 23, 2013)," was conducted. The policy indicated, "Facilities must have a process in place to verify documents are for the correct patient prior to providing the documents to the recipient (e.g., verify recipient and content prior to giving discharge papers to an individual)."

Outcome:

Deficiency cited by the California Department of Public Health: Health & Safety Code 1280