Scripps Mercy Hospital

Report ID: DVKF11, California Department of Public Health

Reported Entity: SCRIPPS MERCY HOSPITAL

Issue:

Based on interview and document review the hospital failed to ensure that Patient 2's personal and protected health information (PHI) was kept confidential when a health care worker gave Patient 2's discharge medication list to Patient 1 on discharge from the emergency room. As a result of this failure, Patient 1 had access to Patient 2's personal information. Findings:An on site investigation of an entity reported privacy breach was initiated on 1/14/14. It was reported to the California Department of Public Health that, on 12/1/13 an unauthorized and inadvertent disclosure of Patient 2's discharge medication list was given to another patient (Patient 1) on discharge from the hospital's emergency room.On 1/14/14 at 1:45 P.M., an interview was conducted with the clinical risk specialist (CRS). The CRS stated that Patient 1 and Patient 2 were in the hospital's emergency room and that the licensed nurse (LN) 1 discharged Patient 1 and Patient 2 at the same time. The discharge paperwork signed, dated and timed for both Patient 1 & Patient 2 was observed with a date of 12/1/13 at 12:15 P.M., which included the "Discharge Medication List". Patient 1 noticed Patient 2's name on her discharge medication list as she left the hospital. Patient 1 then returned and gave the paperwork back to the emergency room and received her discharge medication list which was dated 12/1/13 at 12:21 P.M. The report that was inadvertently given to Patient 1 included, Patient 2's name, date of service, medical record number, account number, date of birth, age, gender, the attending physician's name and the medication Patient 2 was to continue to take at home. On 1/14/14 at 3:15 P.M., a record review of the document titled, "The Six 'Rights' of Discharge" was conducted. This document indicated, "Right Patient: Check armband for name, Ask for date of birth. Right Medication Reconciliation: Check the name on the form. Check the current medication list for accuracy. Check the discharge medications for accuracy. Right Discharge Instructions: Check the name on the paperwork. Check all the pages...". The bottom of this document indicated, "Your signature below acknowledges that you understand the information provided to you on the education listed and will comply with the aforementioned details". LN 1's signature was observed with a date of 6/25/12.On 1/14/14 at 4:01 P.M., an interview was conducted with LN 1. LN 1 stated that she was discharging both Patient 1 and Patient 2 at the same time. LN 1 stated that she had typed in the medications that Patient 2 needed to continue at home on the "Discharge Medication List", then she clicked on his name (Patient 2's) but should have double clicked to get out of his medical record. LN 1 stated that after she clicked once on his name that she typed in Patient 1's medications to continue at home on the same document for Patient 2, then she printed the "Discharge Medication List" and placed Patient 1's label next to the list of medications. LN 1 acknowledged that she was rushing and did not look at the name on the paper to ensure it matched the label of Patient 1. LN 1 further acknowledged that she did not pay attention when she click on the Patient 2's name to ensure she was out of his medical record before typing Patient 1's medications.On 1/14/14 at 4:20 P.M., an interview was conducted with the emergency department director (EDD). The EDD stated that the discharge procedure was to review the name, with the label on each separate paper of the discharge instructions with the patients armband. The EDD further stated that the licensed nurses were to then review each page with the patient after it was verified to be the correct patient, cut off the arm band and escort the patient out of the hospital. The EDD acknowledged these steps were not followed by LN 1 which led to Patient 2's information inadvertently given to Patient 1 on discharge from the emergency department.A review of the hospital's policy and procedure, entitled "Health Information, Access, Use and Disclosure", dated 9/24/13, indicated "Policy: ... 3. Category III: Disclosure Requiring Authorization from the Patient/legal Representative a. Disclosure of Protected health Information for any reason... requires patient/legal representative authorization." The nursing staff's failure to check the record to validate the patient's name prior to the release of the document, resulted in the inadvertent and unauthorized release of protected health record information. This was also in violation of the patient's right to confidentiality of all communications and record pertaining to health care received at the hospital.

Outcome:

Deficiency cited by the California Department of Public Health: Patients' Rights