Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
RIVERSIDE COUNTY REGIONAL MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on April 2, 2014. Also cited in 123 other reports.
Report ID: H3LZ11.01, California Department of Public Health
Reported Entity: RIVERSIDE COUNTY REGIONAL MEDICAL CENTER
Issue:
Based on interview and record review, the facility failed to prevent the unauthorized disclosure of Protected Health Information (PHI) for one patient, Patient A, when a computer disc (CD) containing Patient A's medical information was provided to an unintended Skilled Nursing Facility (SNF). This failed practice had resulted in the unintended SNF having access to the PHI of Patient A, and the potential for the misuse of Patient A's PHI.Findings:On April 2, 2014, at 1:25 p.m., a phone investigation was conducted for an entity reported incident investigation. In a concurrent interview with the Administrative Services Officer (AS0), the ASO stated on March 21, 2014, she was informed a CD containing the medical history and treatment information during Patient A's admission, was provided to an unintended SNF.The ASO stated the CD contained information to include Patient A's name, date of birth, social security number, medical record number, home address, telephone number, physician notes, laboratory, and test results.The ASO stated the facility's policy and procedure regarding the use of two patient identifiers prior to the release of documents, was not followed.The facility policy and procedure titled "Patient Identification" dated May 23, 2012, indicated "Use at least two patient identifiers when providing care, treatment, or other services..."The facility policy and procedure titled "Patient Privacy: HIPPA" dated August 27, 2013, indicated "Maintain the highest level of confidentiality for all protected health information...Protected Health Information (PHI) is defined as verbal, written, or electronic information...Such as name..medical record number...information about the patient's medical condition..diagnostics, testing, treatment..."
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280