Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
RIVERSIDE COUNTY REGIONAL MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on March 12, 2014. Also cited in 123 other reports.
Report ID: V2EB11, California Department of Public Health
Reported Entity: RIVERSIDE COUNTY REGIONAL MEDICAL CENTER
Issue:
Based on interview and record review, the facility failed to prevent the unauthorized disclosure of Protected Health Information (PHI) for one patient, Patient A, when a Certified Nursing Assistant (CNA), gave a prescription document intended for Patient A to another patient, Patient B. This failed practice had resulted in Patient B having access to the PHI of Patient A, and the potential for the misuse of Patient A's PHI.Findings:On March 12, 2014, at 4:15 p.m., a phone investigation was conducted for an entity reported incident. In a concurrent interview with the Administrative Services Officer (ASO), the ASO stated on March 3, 2014, during the discharge process from the Emergency Department (ED), a prescription intended for Patient A was given to Patient B.The ASO stated the facility's policy and procedure to identify a patient using two patient identifiers prior to the release of documents, was not followed.The document titled "ED Prescription Sheet..." dated March 3, 2014, was reviewed. The document indicated Patient A's name, medical record number, and the names of the medications prescribed for Patient A.The facility policy and procedure titled "Patient Identification" dated May 23, 2012, indicated "Use at least two patient identifiers when providing care, treatment, or other services...Procedures requiring patient identifiers..registration, transportation, and discharge of patients..."The facility policy and procedure titled "Patient Privacy: HIPPA" dated August 27, 2013, indicated "Maintain the highest level of confidentiality for all protected health information...Protected Health Information (PHI) is defined as verbal, written, or electronic information...Such as name..medical record number...information about the patient's medical condition..diagnostics, testing, treatment..."
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280