SUTTER SANTA ROSA REGIONAL HOSPITAL

Report ID: N64711, California Department of Public Health

Reported Entity: SUTTER SANTA ROSA REGIONAL HOSPITAL

Issue:

Based on interview and record review, the facility failed to prevent unauthorized access and disclosure of a patient's (Patient 1) protected health information, when some of Patient 1's medical information was faxed to a private party instead of a physician. This failures allowed the unlawful or unauthorized access of protected health information.Findings:The California Department of Public Health was notified on 1/2/13 that a, "Breach of Protected Health Information (PHI)", occurred on 12/27/12.During an interview on 1/8/13 at 2:30 p.m., Administrative Staff A stated that she received a phone call, on 1/2/13, that a Private Party had received a faxed copy of Patient 1's Emergency Department exam, History and Physical, Laboratory results, and CAT scan results, Administrative Staff A further stated that it was human error, on the part of Unlicensed Staff B, in that she programmed the wrong fax number into the fax machine by transposing one number. Physician C's fax number ended in #7 and the fax number programmed into the fax machine ended in #9.A review of the facility Policy and Procedure for, "Confidentiality of Patient Care Information", (10/10), reveals the following: "I. POLICY Persons receiving health care services have the right to expect that the confidentiality of individually identifiable medical information will be reasonably preserved. Information regarding the hospital's patients' medical or personal status will not be released or disclosed inappropriately...III. APPLICATION OF POLICY A. All patient-related information is confidential. It will be shared only with those persons that have a legal right (i.e. the patient or the patient's surrogate) or a legitimate work-related need to know".

Outcome:

Deficiency cited by the California Department of Public Health: Health & Safety Code 1280