KINDRED HOSPITAL - RIVERSIDE

Report ID: HL6X11, California Department of Public Health

Reported Entity: KINDRED HOSPITAL RIVERSIDE

Issue:

Based on interview and facility document review, the facility failed to prevent unauthorized access and/or disclosure of Patients medical information, when a digital camera (containing patient information), was left on a treatment cart and accessible to the public.Findings:On February 21, 2013, the Director of Quality Management (DQM) was interviewed. The DQM stated that on December 12, 2012, the wound care nurse left her digital camera on the treatment cart outside a patient room. When the wound nurse returned to the cart, the camera could not be located. The DQM stated the camera contained wound photos of five patients (Patient's 1, 2 ,3, 4, and 5) and included the patient's name, date of photo, and location of the wound. The facility was able to track who's pictures were on the camera, and was able to notify each patient of the breach.On February 21, 2013, at 2:30 p.m., a wound care nurse (RN 1) was interviewed. RN 1 stated she did not work at the facility at the time of the stolen camera. However RN 1 stated the camera was not to be left out and accessible to anyone other than the wound care nurse. When the camera was not in use, it should be locked in the treatment cart or locked in the office.The facility policy titled, "Investigation of Potential Breaches of Protected Health Information," was reviewed. The policy indicated, "Definitions... Protected Health Information (PHI) - individually identifiable health information that is transmitted or maintained in any form or medium, including electronic health information... Breach of Protected Health Information - the unauthorized acquisition, access, use or disclosure of PHI which compromises the security or privacy of the PHI, ..."

Outcome:

Deficiency cited by the California Department of Public Health: Health & Safety Code 1280