Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
RIVERSIDE COUNTY REGIONAL MEDICAL CENTER
Cited by the California Department of Public Health for violations of California’s Health and Safety Code relating to medical privacy during an inspection that began on January 28, 2014. Also cited in 123 other reports.
Report ID: JSX011.01, California Department of Public Health
Reported Entity: RIVERSIDE COUNTY REGIONAL MEDICAL CENTER
Issue:
Based on interview and record review, the facility failed to ensure Patient A's protected health information (PHI) was kept private, when Patient A's discharge summary was inadvertently sent to an unintended recipient. This resulted in the unauthorized disclosure of Patient A's PHI, and the potential for misuse of the information.Findings:On December 18, 2013, the facility notified the California Department of Public Health that a document containing Patient A's PHI was sent to the wrong billing agency. On January 28, 2014, at 10 a.m., an interview was conducted with the Administrative Services Officer (ASO). The ASO stated on December 12, 2013, a medical records supervisor notified the privacy office that during an audit they determined Patient A's discharge summary had been faxed to the wrong billing office. The ASO stated the information was "autofaxed," to a provider linked with a physician involved in the patient's case. The physician had changed services and was no longer at that office, when the fax was sent. A document titled "Detention Discharge Summary," was reviewed. The document contained Patient A's name, age, medical record number, account number, and date of service. The facility policy and procedure titled "Patient Privacy, Confidentiality, Medical Records, and Access to, or Release or Disclosure of, Patient Information," revised on January 2, 2009, was reviewed. The policy indicated its purpose was "To protect patients' rights to privacy and security of their healthcare information...its personnel shall reasonably safeguard confidential information from any unauthorized access or unlawful access use, or disclosure."
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280