COMMUNITY REGIONAL MEDICAL CENTER

Report ID: UFQ311.01, California Department of Public Health

Reported Entity: COMMUNITY REGIONAL MEDICAL CENTER

Issue:

Based on staff interview and administrative document review, the hospital failed to keep Protected Health Information (PHI) confidential when patient's PHI was given to an unauthorized recipient. This failure resulted in the breach of Patient 1's PHI and possible unauthorized use. Findings: 1. On 6/24/14, Complainant (CO) 1 came in to the Fresno District Office. CO 1 handed support staff Patient 2's clinical record. CO 1 stated Patient 2's clinical record was given to Patient 1. CO 1 indicated the clinical record was given to Patient 1 during discharge process with Patient 1's discharge instructions. On 7/11/14 at 3:05 p.m., during an interview, the Privacy Officer (PO) stated she was not aware of the above incident. Upon further investigation, the PO stated Patient 2's PHI had been printed in the emergency department and was given to Patient 1 by an unknown employee. Review of Patient 2's clinical record indicated the clinical record contained the following: Patient's name, date of birth, age, marital status, gender, religion, race, partial social security number, medical record number, treatment date, reason for treatment, and emergency contact name and phone number. Review of hospital Policy and procedure titled "HIPAA General Rules for the Use and Disclosure of PHI" dated 4/18/12, indicated "III. Guidelines: D. Using and Disclosing PHI: 1. ...may only use or disclose PHI if: a. the patient has given a valid authorization;"

Outcome:

Deficiency cited by the California Department of Public Health: Patients' Rights

Related Reports:

1 other violation reported on the same date. Note that other citations may be about the same event: DSDJ11.01