Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
RIVERSIDE COUNTY REGIONAL MEDICAL CENTER
Cited by the California Department of Public Health for violations of California’s Health and Safety Code relating to medical privacy during an inspection that began on December 23, 2014. Also cited in 123 other reports.
Report ID: 9YF611.01, California Department of Public Health
Reported Entity: RIVERSIDE COUNTY REGIONAL MEDICAL CENTER
Issue:
Based on interview and record review, the facility failed to ensure Patient 1's privacy was protected during the admission process when the Admission's Clerk from the facility used information from the patient's record to make a personal phone call to the patient to ask if she had a boyfriend.The failure of the facility to protect Patient 1's personal privacy had the potential to cause emotional stress and anxiety and to further result in the misuse of Patient 1's personal information. Findings:Patient 1 was pre-registered to the facility on December 9, 2014, for an ear, nose, and throat (ENT) surgerical procedure scheduled on December 18, 2014. An interview was conducted with Patient 1 on December 24, 2014, at 10:30 a.m. Patient 1 stated she had a pre-registration appointment with the Admission Clerk (AC) on December 9, 2014, at 9 a.m. During the appointment, Patient 1 stated she was asked the "normal" questions by the AC for the facility registration process: name, date of birth, address, insurance, work address, home phone number...etcetera. Patient 1 stated, "I left the facility around 1:30 p.m., and noticed I missed two calls. I answered the third call and the caller identified himself and mentioned he spoke with me (Patient 1) earlier that morning (during the admission process). He (AC) asked if I had a boyfriend. I said, "Excuse me, hello?" and preceded to hung up my phone. I was a little confused (about the content of the call)." Patient 1 stated no other medical or demographic information was requested or exchanged with the AC. Patient 1 stated, after she hung up, the AC attempted to call her two to three times more. On December 17, 2014, Patient 1 stated, "I complained to Patient Advocacy (about the Admission's Clerk's actions)."Patient 1 stated, "On the day of surgery (December 18, 2014), I had to go back down to registration. The gentleman was still there...he was within two feet from me. I called Patient Advocacy and told them I was embarrassed and felt uncomfortable to be near this person and felt the hospital did not take me seriously (related to my complaint)...he knows where I live, he knows my phone number, he knows my job address...I felt like he (the AC) was a stalker."An interview was conducted with the Senior Human Resources Analyst (SHRA) on December 23, 2014, at 12:15 p.m. The SHRA stated he conducted his own investigation into Patient 1's complaint against the Admission's Clerk. The SHRA stated, "The Admission Clerk's (AC) stated he made his calls to Patient 1, and in between the registering process he thought he was using the facility's phone's system's call back feature to call his sister back." The SHRA stated, "The facility did a phone number trace of the patient's (Patient 1's) phone number. There were five calls placed, one of which took forty two seconds, the other four calls took four seconds each." The SHRA stated, "The AC used Patient 1's demographic (phone number) information for personal gain and violated the facility's privacy policy." The SHRA acknowledged that the Admission's Clerk was still on duty at the facility.An interview was conducted on December 23, 2014, at 12:20 p.m. with the Admissions Service Officer (ASO). The ASO stated, "Patient 1 called to complain about the Admissions Clerk on December 9, 2014. The Department was notified on December 15, 2014, of the complaint regarding the AC's phone call to Patient 1 about her personal information." The ASO stated, "It would take 24 hours to obtain the trace of the Admission Clerk's sister's phone number," and indicated the facility was checking to see if the AC had attempted to call his sister during the time in question.A follow-up interview from the ASO was conducted on December 24, 2014, at 1:30 p.m. The ASO was asked why the AC was as close as two feet from Patient 1 when Patient 1 had to go back to the Admission's office. The ASO stated, "I informed the supervisor of the AC that he was not to serve (register information) her (Patient 1). The ASO stated, "Unfortunately, I should have been more specific in telling the supervisor to keep him no where near her (Patient 1)."A fax dated December 24, 2014, at 9:37 a.m., received at the Department from the ASO, indicated, "I received the results from the call log (trace). There were no other calls from the employee's work number." The phone trace failed to confirm the (AC) called his sister during the time when he was pre-registering Patient 1, as the AC's stated.A review of the facility's policy dated, August 2013, indicated, "The policy of (facility name withheld) is to: Maintain the highest level of confidentiality for all patient protected health information...All workforce members are responsible to protect the patient's privacy and confidentiality."The facility failed to maintain Patient 1's personal information as confidential, when the facility's Admission Clerk used confidential demographic information (a patient's personal telephone number), and called Patient 1 to ask if she had a boyfriend.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280