Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
KAISER FOUNDATION HOSPITAL - RIVERSIDE
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on October 5, 2012. Also cited in 25 other reports.
Report ID: HJGK11, California Department of Public Health
Reported Entity: KAISER FOUNDATION HOSPITAL, RIVERSIDE
Issue:
Based on record review and interview, the facility failed to ensure that an employee did not access a patient's (Patient A) record without a need to do so, which resulted in an employee reviewing Patient A's protected health information (PHI) without written authorization.Findings:During a telephone interview with Compliance Officer (CO) 1 on October 5, 2012, at 3:20 p.m., she stated that an employee deliberately looked at the patient's PHI.On October 5, 2012, at 4 p.m., a review of the facility letter sent to the Riverside District Office (RDO), that stated, "...On October 2, 2012, our Medical Center Compliance Officer has validated that a privacy breach occured at our facility. The incident was about an employee (Employee 1) who accessed a patient's chart and reviewed the patient's record without business reason..." On October 10, 2012, a record review revealed that Patient A was a 59, year old female admitted to the facility August 22, 1012. During an interview with CO 2 on October 10, 2012, at 4 p.m., she stated that Patient A, who is an employee at the facility, was admitted to their facility on August 22, 2012, with various diagnoses. When Patient A returned to work, there were some comments made by other employees that lead Patient A to believe someone she worked with looked at her medical record. CO 2 stated that during the facility's investigation, it was found that another employee who worked in Medical Records Coding Operations looked at Patient A's record on August 23, 2012. CO 2 stated the Coders only receive billing queues after the patients are discharged.On May 3, 2013, at 9:45 a.m., in an interview with CO 2, she stated Employee 1 was terminated and unavailable to interview and that Patient A was readmitted to the facility with a "sensitive diagnoses" and was unavailable to interview.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280