COMMUNITY REGIONAL MEDICAL CENTER

Report ID: LJDG11, California Department of Public Health

Reported Entity: COMMUNITY REGIONAL MEDICAL CENTER

Issue:

Based on interview, clinical record, and administrative document review, the facility failed to keep Protected Health Information (PHI) confidential when Patient 1's discharge instructions was added to Patients 2's and faxed to a local Skilled Nursing Facility in error. This failure caused the breach of Patient 1's PHI and possible unauthorized use.Findings:On 6/27/14 at 9:50 a.m., during an interview, Staff 1 (Privacy Officer) stated that on 11/11/12 Staff 2 (Case Manager Liaison ) mistakenly sent Patient 1's PHI along with another patients discharge instruction to Pacific Gardens Nursing and Rehabilitation Center. Staff indicated that the discharge instructions contained name, medical record number, account number, and discharge instructions. On 6/27/14, Patient 1's discharge instructions was reviewed. Patient 1's discharge instructions contained name, medical record number, account number, surgery information, list of medications, and list of belongings.The hospital policy and procedure titled "HIPPA General Rule for the Use and Disclosure of PHI" dated 4/18/12, indicated "1. ac. Protected Health Information (PHI) means any information about a patient that has been received , created, or stored by the CMC which includes information that may be used to identify the patient. PHI includes any such information whether in oral or recorded form (both electronic and written). B. 2. It is the responsibility of all CMC workforce members to comply with the policy and procedures and cooperate with CMC management to identify and correct problems that may cause privacy or security breaches."

Outcome:

Deficiency cited by the California Department of Public Health: Patients' Rights