KAISER FOUNDATION HOSPITAL-MORENO VALLEY

Report ID: 18VJ11.01, California Department of Public Health

Reported Entity: KAISER FOUNDATION HOSPITAL-MORENO VALLEY

Issue:

Based on interview and record review, the facility failed to ensure the PHI (protected health information) of Patient A remained secure. This failure potentially resulted in the disclosure of Patient A's PHI to an unauthorized source.Findings:An interview was conducted with the Director of Accreditation, Regulations and Licensing (DOA) on February 18, 2015, at 10:30 a.m. The DOA stated between the hours of 12:30 p.m., January 4, 2015, and 6 a.m., January 5, 2015, a business associate's office was broken into and a password protected computer was stolen. The DOA further stated there was PHI which was not encrypted for multiple patients on the computer,which included PHI for Patient A.The DOA further stated the PHI was incorporated into a large spread sheet and as such there was no separate document for each patient. The PHI for Patient A included the patient's first and last name, admission number, date of birth, gender, dates of service, MediCal number, Insurance member identification number, and the type of treatment given.A review of the facility policy, "Mitigation of Impermissible Uses and Disclosures of Protected Health Information (Effective Date: 10/17/2013)" was conducted. The policy indicated the facility must take action to reduce or eliminate, to the extent feasible, any known compromise caused by an impermissible use or disclosure or protected health information by the facility or its business associates.

Outcome:

Deficiency cited by the California Department of Public Health: Health & Safety Code 1280

Related Reports:

The report containing this deficiency also includes information about 1 other violation. Note that these may be related to the same event: 18VJ11.02