Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
RIVERSIDE COUNTY REGIONAL MEDICAL CENTER
Cited by the California Department of Public Health for violations of California’s Health and Safety Code relating to medical privacy during an inspection that began on September 26, 2013. Also cited in 123 other reports.
Report ID: XLVP11.01, California Department of Public Health
Reported Entity: RIVERSIDE COUNTY REGIONAL MEDICAL CENTER
Issue:
Based on interview and record review, the facility failed to ensure Patient A's protected health information (PHI) was not disclosed to an unauthorized individual. Patient A's PHI was disclosed to Patient B, on June 30, 2013, when a prescription and medication information sheet, intended for Patient A, was dispensed to Patient B. This resulted in the potential for misuse of Patient A's information. Findings: On September 11, 2013, the facility notified the Department, a prescription intended for Patient A, was inadvertently given to Patient B.During an interview with the Privacy Officer (PO) on September 11, 2013, at 10 a.m., the PO stated on July 16, 2013, the pharmacy became aware Patient A's information was released to the wrong person, when Patient B returned with a prescription bottle and attempted to get the prescription refilled. The PO stated the pharmacy determined the prescription had been given to the wrong patient. A copy of the information given to Patient B was reviewed on September 26, 2013. Patient A's name, date of birth, address, home phone number and physician's name were printed on the form. A review of a letter dated September 11, 2013, (addressed to Patient A) indicated on June 30, 2013, Patient A's prescription was inadvertency provided to another patient. "The prescription contained a Patient Information Insert which contained the following demographic information: your full name, date of birth, home telephone number, home postal address, name of the medication, and your doctor ' s name." The facility policy and procedure titled "Patient Identification," with a release date of May 23, 2012, revealed "This Policy and Procedure establishes a standard process to verify patient identity using two unique identifiers, when providing care, treatment, and services." According to the policy, "all healthcare team members will use two unique, patient-specific identifiers...patient full name...patient date of birth..."The facility policy and procedure titled "Breach of Patient Privacy: Reporting Requirements," dated September 23, 2009, revealed "... Breach: The unauthorized acquisition, access, use, or disclosure of patient protected health information (PHI) that compromises the security or privacy of the PHI...Medical information: any individually identifiable information, in electronic or physical form, in possession of or derived from a provider of health care, health care service..."
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280