Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
RIVERSIDE COUNTY REGIONAL MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on April 30, 2014. Also cited in 123 other reports.
Report ID: DW5311, California Department of Public Health
Reported Entity: RIVERSIDE COUNTY REGIONAL MEDICAL CENTER
Issue:
Based on interview and record review, the facility failed to prevent unauthorized disclosure of PHI (protected health information) when Patient A's identification label was placed on Patient B's "Institutional Discharge Treatment Summary," form. This failure resulted in unauthorized persons having access to Patient A's information and the potential misuse of that informationFindings:During an interview with the Administrative Services Officer (ASO) on April 30, 2014, at 10:30 a.m., the ASO stated Patient A and Patient B were both seen in the Emergency Department on April 19, 2014. The ASO stated she was notified on April 21, 2014, that Patient B's discharge paperwork was labeled with Patient A's information. A copy of the letter sent to Patient A was reviewed. The letter indicated "...writing to you with important information about a recent unauthorized disclosure of your patient information...disclosure occurred in the Emergency Department when you patient identification label was adhered to a form that was provided to another patient at discharge...included you name, date of birth, medical record number and date of service..."The facility policy and procedure titled "Standards of Care: Emergency Department (ED)," with a last revised date of April 2014, indicated "Prior to to discharge a registered Nurse and another staff member will review the discharge material and validate using 2 patient identifiers..."The facility policy and procedure titled "Patient Privacy: HIPAA" dated August 27, 2013, indicated "Maintain the highest level of confidentiality for all protected health information... Protected Health Information (PHI) is defined as verbal, written, or electronic information... Such as name. Medical record number... information about the patient's medical condition... diagnostics, testing, treatment..."
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280