RIVERSIDE COUNTY REGIONAL MEDICAL CENTER

Report ID: EDP311.01, California Department of Public Health

Reported Entity: RIVERSIDE COUNTY REGIONAL MEDICAL CENTER

Issue:

Based on interview and record review, the facility failed to ensure Protected Health Information (PHI) for, 1. Patient A was transmitted to the correct recipient, and; 2. Patient B, was efaxed (sent via the computer to a fax machine) to the correct recipient. These failures resulted in the unauthorized disclosure of Patient A's and B's PHI, which resulted in the potential for unauthorized use.Findings:On November 22, 2011, at 2:20 p.m., an unannounced visit was made to the facility to investigate two breaches of PHI.On November 22, 2011, at 2:30 p.m., the Radiology Manager was interviewed. The Manager stated on November 8, 2011, there were two separate incidents of a breach of PHI for two patients. The numbers for the efax were transposed. The following was disclosed:1. A report for Patient A, which contained Patient A's name, date of birth, medical record number, and details of a diagnostic image was transmitted to a private home. The intended recipient was a physician's office; and,2. A report for Patient B, which contained Patient B's name, date of birth, medical record number, and details of a diagnostic image was transmitted to a bank. The intended recipient was a physician's office.On November 22, 2011, the facility policy and procedure titled, "Breach of Patient Privacy," was reviewed. The policy revealed, "...Definitions Breach: The unauthorized acquisition, access, use, or disclosure of patient protected health information (PHI) that compromises the security of privacy of the PHI..."

Outcome:

Deficiency cited by the California Department of Public Health: Health & Safety Code 1280

Related Reports:

1 other violation reported on the same date. Note that other citations may be about the same event: DW7411.01