KAISER FOUNDATION HOSPITAL - RIVERSIDE

Report ID: ZJFH11, California Department of Public Health

Reported Entity: KAISER FOUNDATION HOSPITAL, RIVERSIDE

Issue:

Based on interview and document review, the facility failed, for one patient (Patient A), to protect Patient A's Personal Health Information (PHI) from unauthorized accessed by a facility employee. Findings:On October 31, 2012, at 9 a.m., an investigation regarding unauthorized accessed of Patient A's medical record was conducted. On October 31, 2012, at 9:26 a.m., the Director of Accreditation, Regulation and Licensing (DOA) and the Compliance Project Manager (CPM) were interviewed. The DOA and CPM stated on September 7, 2012, a facility's Professional Coder (PC) was found to have inappropriately accessed Patient A's medical record. The CPM stated the facility found this while they were investigating an unrelated situation. She stated during the investigation, the PC was interviewed on October 22, 2012, after returning from her leave. The PC admitted she accessed Patient A's record (a family member) without business reason. The PC told the CPM that she accessed Patient A's Hospital Encounter record to see if Patient A was still in the facility so that she could visit her. The DOA and CPM stated the inappropriate access of Patient A's medical record by the PC was validated as a breach on October 22, 2012. On October 31, 2012, a review of facility documents with the DOA and CPM included:a. The Hospital Encounter. The PHI included Patient A's name, date of birth, admission information, admission diagnosis, Emergency Department diagnosis, chief complain, length of stay, medical record number, allergies and discharge information. b. A letter addressed to Patient A's estate, dated December 24, 2012, indicated the facility notified Patient A's estate of the privacy breach.

Outcome:

Deficiency cited by the California Department of Public Health: Health & Safety Code 1280