Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
RIVERSIDE COMMUNITY HOSPITAL
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on July 2, 2015. Also cited in 64 other reports.
Report ID: IKT411.01, California Department of Public Health
Reported Entity: RIVERSIDE COMMUNITY HOSPITAL
Issue:
Based on interview and record review, the facility failed to prevent unauthorized disclosure of protected health information (PHI) for one patient (Patient 2). Patient 2's mammogram report was mailed to the wrong patient (Patient 1).(Mammogram is an x-ray of the breast, and used as a diagnostic and screening tool).Findings:On July 9, 2015, at 2:30 p.m., the Manager of HIPAA was interviewed. The Manager stated Patient 1 notified the physician on June 8, 2015, that she received Patient 2's mammogram results in the mail, and the physician notified the facility.The Manager stated she investigated the allegation, and was able to determine Patient 2's mammogram results were mailed to Patient 1, instead of the physician. She stated Patient 1 was seen in the Breast Imaging Center (an outpatient area of the hospital) on February 25, 2015. When Patient 1 presented to the Center, she provided a physician order for a mammogram. Because this was a new physician, the Registration Clerk at the Center had to enter all the physician information (name, address, etc), into the computer. The Manager stated the clerk entered Patient 1's address instead of the physician's address. The manager stated the physician information was then sent over to the main registration of the hospital, where the physician information should have been verified. The error was not identified at that time.On June 3, 2015, Patient 2 was seen in the Breast Imaging Center. Patient 2 also had an order for a mammogram from the same physician as Patient 1. The Registration Clerk entered Patient 2's information into the computer, and the address for her physician automatically populated. However, the physician address listed was actually Patient 1's address.On June 5, 2015, the Breast Imaging Center mailed Patient 2's mammogram results to her physician. However, because Patient 1's address was still listed as the physician's address, Patient 2's results were actually mailed to Patient 1 instead.A review of Patient 2's mammogram results were reviewed, and contained the following PHI:- Name;- Birthdate;- Medical Record/Account numbers; and- Results of the mammogram.The Manager stated the Registration Clerks at both the Imaging Center and the hospital, did not follow the proper procedure to ensure the physician address was correct, and as a result Patient 2's mammogram results were mailed to the wrong address.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280