CORONA REGIONAL MEDICAL CENTER

Report ID: W5WP11.01, California Department of Public Health

Reported Entity: CORONA REGIONAL MEDICAL CENTER

Issue:

Based on interview and record review, the facility failed to prevent the unauthorized disclosure of Patient A's medical information. This failure had the potential to result in misuse of protected health information.Findings:On February 28, 2012, the facility reported to the Department of Public Health they discovered a potential unauthorized disclosure of protected health information. An unannounced visit was made to the facility on November 15, 2012, at 10 a.m., to conduct an investigation into a entity reported incident.In an interview with the Director of Health Information Management, on November 15, 2012, at 10:30 a.m., the Director stated the breach occurred when Patient A's identification sticker was placed on the outside of a DVD being sent to another patient. On November 15, 2012, a letter sent to Patient A was reviewed. The letter, dated February 28, 2012, indicated the facility had received a phone call from a patient who stated they were given a radiology DVD with Patient A's name on it. Information on the DVD included:Name; Medical record number;Date of Exam; and Exam Description. The facility's policy titled "Confidentiality/Privacy," with a last reviewed date of May 2012, was reviewed on November 27, 2012. The policy indicated the facility was committed to make reasonable efforts to protect the privacy of patients' health information. The policy indicated PHI was individually identifiable health information that was transmitted or maintained in any form or medium.

Outcome:

Deficiency cited by the California Department of Public Health: Health & Safety Code 1280

Related Reports:

2 other violations reported on the same date. Note that other citations may be about the same event: 6NP211.01, GD9M11.01