Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
RIVERSIDE COUNTY REGIONAL MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on July 9, 2012. Also cited in 123 other reports.
Report ID: RBMP11, California Department of Public Health
Reported Entity: RIVERSIDE COUNTY REGIONAL MEDICAL CENTER
Issue:
Based on interview and record review, the facility failed to ensure information in Patient A's record was not viewed by persons not authorized to view the information. Findings:On May 2, 2012, the facility notified the CDPH they believed they had an unauthorized access of PHI. According to Administrative personnel, Patient A sustained an occupational needle stick injury and was sent to the emergency room where a record was established. At Patient A's request, supervisory staff viewed the record, but had no business need, therefore there was a violation of facility policyOn July 10, 2012, at 10 a.m., the Administrative Services Officer was interviewed. The Officer stated her office was notified on April 25, 2012, by the Occupational Health Department, that pharmacy staff had viewed Patient A's laboratory results. According to the officer, the supervisor had viewed the report with Patient A's permission, but the Supervisor had no business need to view the report. The Officer stated the patient should have returned to Occupational Health to obtain the results of her lab tests. The Officer stated during the investigation, they determined that pharmacy staff had accessed Patient A's PHI, including demographic information and laboratory results, without a need to view the information.The facility's policy and procedure titled "Patient Privacy, Confidentiality, Medical Records, and Access to, or Release or Disclosure of, Patient Information," was reviewed on July 10, 2012. The policy indicated its purpose was to protect patients' rights to privacy and security of their health information. The policy established the criteria and the methods by which patient healthcare information may be accessed, used, released, or disclosed. The policy indicated: "...2. Patient healthcare information may be legally accessed, used or disclosed by facility personnel who need such information to provide the patient's care or who otherwise require such information to do their job."
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280