MENIFEE VALLEY MEDICAL CENTER

Report ID: KDYD11, California Department of Public Health

Reported Entity: MENIFEE VALLEY MEDICAL CENTER

Issue:

Based on interview and facility document review, the facility failed to prevent unauthorized access and/or disclosure of Patient 1's medical information, when Patient 1's "Condition of Admission" paperwork was given to Patient 2. This failure had the potential to result in misuse of private/protected information.Findings:On April 17, 2014, at 2:45 p.m., the Privacy Officer (PO) was interviewed. The PO stated Patient 1 and Patient 2 were both being treated in the Emergency Department (ED) on February 20, 2014. The PO stated when one admission clerk was getting ready to leave, she asked the oncoming admission clerk to have Patient 2 sign the Condition of Admission. She stated, the clerk inadvertently placed Patient 1's label on the form and gave to Patient 2 to sign, as well as provided him with a copy. Patient 2 took the form home, and after realizing the error, returned it to the facility on February 27, 2014.The Condition of Admission with Patient 1's label on it contained Patient 1's name, date of birth, age, sex, medical record number, Admission date/time, and treating physician.The facility policy titled "Breach of PHI - Notification, dated September 2013, indicated "Individually identifiable means that the medical information includes or contains any element of personal identifying information sufficient to allow identification of the individual, such as patient's name..., or other information that, alone or in combination with other publicly available information, reveals the individual's identity."The policy further indicated, "Unlawful or Unauthorized Access means the inappropriate access, review, or viewing of patient medical information without a direct need for medical diagnosis, treatment, or other lawful use..."

Outcome:

Deficiency cited by the California Department of Public Health: Health & Safety Code 1280