ARROWHEAD REGIONAL MEDICAL CENTER

Report ID: 8FX511, California Department of Public Health

Reported Entity: ARROWHEAD REGIONAL MEDICAL CENTER

Issue:

Based on interview, and record review, the facility failed to ensure the confidential treatment of protected health information (PHI) for Patient A, when Employee 1 erroneously faxed Patient A's medical authorization forms to Company 2 instead of the intended recipient, Insurance Company 1. Findings:On April 2, 2015 at 8:32 AM, a phone interview was conducted with the Director of Respiratory care (DR) and Employee 1. Employee 1 stated the department had a new fax machine which was not yet programmed with the commonly used numbers, and she accidentally misdialed the insurance company (Insurance Company 1) by one number. The error was discovered by the Company 2, who then reported it to Insurance Company 1. Insurance Company 1 then reported the breach to the facility.During a review of the documentation faxed to the wrong company in error, the documentation contained Patient A's name, address, phone number, gender, date of birth, insurance information, last four (4) digits of social security number, diagnosis, vital signs, weight, test ordered, physician progress notes, medical record number and account number.A review of the facility's policy and procedure titled "Uses and Disclosures of Protected Health Information", dated April 3, 2013 stipulates, " It is the policy of (the facility) that an individual's identifiable PHI may only be used within the Medical Center or disclosed to entities outside the Medical Center after notification to and or with the expressed permission of the patient ..."The facility failed to ensure the correct patient information was faxed to Insurance Company 1 resulting in an unauthorized release of Patient A's PHI to Company 2.

Outcome:

Deficiency cited by the California Department of Public Health: Patients' Rights