HospitalInspections.org

Based on review of all draft and active policies/procedures related to privacy and security and interview with the Director of Quality, indicated that the Hospital failed to implement in a timely manner, policies/procedures regarding the removal and transportation of Personal Information [PI - information containing a patient's name, demographic information, social security number and/or financial information) and/or Protected Health Information (PHI; information regarding a patient's past, present or future physical or mental condition, treatment or health care) in paper form.

Findings included:

1) The draft policy titled: Physical Removal and Transport of PHI and Personal Information, which addressed the basic requirements to safeguard against loss/theft/unauthorized access of PHI or PI in paper form (such as removal or transport of copies of clinical information from records on the unit by physicians or therapists from one site to another) was reviewed.

Review of this policy, and all Policies/Procedures regarding the privacy and safety of PI and PHI, indicated that none of the policies specifically addressed the physical removal and transport of PI/PHI in paper form from the Hospital.

2) The Quality Director was interviewed on 10/7/11 at 7:30 A.M. The Quality Director said the Policy was being processed through the Hospital's committees for approval and then had to be posted on the Hospital intranet site for 90 days before a policy can become effective.