Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
RIVERSIDE COUNTY REGIONAL MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on December 4, 2014. Also cited in 123 other reports.
Report ID: IZRG11.01, California Department of Public Health
Reported Entity: RIVERSIDE COUNTY REGIONAL MEDICAL CENTER
Issue:
Based on staff interview and record review the facility failed to prevent the unauthorized access and/disclosure of Patient 1's private health information (PHI) during the discharge process. Patient 1's discharge information was inadvertently accessed by Patient 2 during Patient 2's discharge.This had the potential to result in the misuse of Patient 1's private health information.Findings:On December, 4, 2014, an interview was conducted with the facility's Administrative Services Officer (ASO). The ASO stated an ED Nurse had already discharged Patient 1. The ED Nurse had left Patient 1's paper work in the vicinity of Patient 2. The ED Nurse turned her back to the documentation she had left at the bedside. Patient 2 reached over and grabbed Patient 1's discharge information. Patient 2 after discharge, went to the facility's outpatient pharmacy. The pharmacy confiscated the information that did not belong in possession of Patient 2.A review of the facility letter sent to Patient 1 on November 21, 2014, indicated, "This disclosure occurred on November 17, 2014, when your prescription from the Emergency Department was provided to another patient. The prescription included your name, date of birth, medical record, account number, and the name of the medication prescribed to you. The original prescription (copy of) was returned to the Emergency Department."A review was conducted of the facility policy, "(Hospital name withheld) HIPPA Policy (Patient Right's and Responsibilities and Health Insurance Portability and Accountability Act)," dated October 2012. The policy indicated, "The ED (Emergency Department) follows guidelines for patient privacy and confidentiality outlined in the Patient Care Services Policy...Prior to discharge a registered nurse and another staff member will review the discharge material and validate using two patient identifiers (patient's name and date of birth or patient's name and medical record number) that the material is being given to the appropriate patient."The ASO stated the facility failed to follow policy when the ED Nurse turned her back on Patient 1's paperwork which enabled Patient 2 to have access to private health information. This had the potential to result in the misuse of Patient 1's private health information.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280