Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
RIVERSIDE COUNTY REGIONAL MEDICAL CENTER
Cited by the California Department of Public Health for violations of California’s Health and Safety Code relating to medical privacy during an inspection that began on November 7, 2012. Also cited in 123 other reports.
Report ID: G4X111.02, California Department of Public Health
Reported Entity: RIVERSIDE COUNTY REGIONAL MEDICAL CENTER
Issue:
Based on interview and record review, the facility failed to ensure an unauthorized disclosure of Patient A's PHI (protected health information) was reported to the patient no later than five days after the disclosure was detected. This failure resulted in the reporting of the unauthorized disclosure 21 days after the allotted five day period.Findings: An interview was conducted with the Privacy Officer on November 21, 2012, at 3:50 p.m. The PO officer stated a certified nurses assistant became aware of the fact that Patient A's PHI was disclosed on September 20, 2012, when Patient B returned discharge information specific to Patient B, however the document was stamped with Patient A's addressograph (a stamp used on patient's records to identify the specific document as pertaining to that patient). Patient B returned the paperwork the day after she originally received it, on September 19, 2012.The PO stated the information reflected on the addressograph stamp included Patient A's name, date of birth and medical record number.The PO further stated the certified nurses assistant wrote an incident report after Patient B returned the discharge documents but did not inform the PO. The PO further stated the facility was delayed in reporting the unauthorized disclosure of Patient A's PHI. The unauthorized disclosure was reported to Patient A by mail, on October 26, 2012, 21 days after the allotted five day reporting period.A review of the facility policy, "Breach Of Patient Privacy: Reporting Requirements (Effective date: 09/23/09)," was conducted. The policy indicated, "Any suspected or witnessed breach of patient privacy (confidentiality) or patient privacy complaint shall be reported immediately to the (facility) Administrative Services Officer (ASO) for compliance and privacy located in Administration."
Outcome:
Deficiency cited by the California Department of Public Health: Medical Breach