This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.

KAISER FOUNDATION HOSPITAL - RIVERSIDE

10800 MAGNOLIA AVENUE RIVERSIDE,CA 92505

Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on September 25, 2013. Also cited in 25 other reports.


Report ID: R88P11.01, California Department of Public Health

Reported Entity: KAISER FOUNDATION HOSPITAL, RIVERSIDE

Issue:

Based on interview and record review, the facility failed to ensure Patient A and B's protected health information (PHI) was kept private, when the patients' confidential information was intentionally accessed by a facility employee who was not authorized to review the PHI. This had the potential to result in medical identity theft and/or fraud.Findings:On September 25, 2013, at 10 a.m., an interview was conducted with the Director of Accreditation/Licensure & Regulatory Affairs (DALRA) and the Project Manager for Compliance (CO). The CO stated, on August 19, 2013, the compliance department, while investigating Physician (MD) 1, determined that MD 1 had accessed Patient A and Patient B's medical records. The CO stated MD 1 had accessed Patient A and Patient B's records on two occasions. The CO stated MD 1 was not involved in either patients' care. Patient A was informed of the disclosure of the protected health information (PHI) via a letter from the Compliance Project Manager on August 26, 2013. The letter was reviewed on September 25, 2013, and indicated "During the course of an investigation, it was discovered that yours and your son's, protected health information was inappropriately accessed by facility personnel. The protected health information that was accessed included yours and your son's first and last name, date of births, medical record numbers, as well as portions of the medical record." The facility policy and procedure titled "Mitigation of Impermissible Uses and Disclosures of Protected Health Information" revised June 2013, indicated "... the provisions of this policy apply to the following persons: and professional staff members of (facility) hospitals...all physicians, employee, and other workforce members of the (Medical Group)..." The policy indicated PHI was "Individually identifiable health information, including demographic information ... such as name, date of birth, address..."

Outcome:

Deficiency cited by the California Department of Public Health: Health & Safety Code 1280

Related Reports:

Do you believe your privacy has been violated? Here’s what you can do: