RIVERSIDE COMMUNITY HOSPITAL

Report ID: JZJW11.01, California Department of Public Health

Reported Entity: RIVERSIDE COMMUNITY HOSPITAL

Issue:

Based on interview and record review, the facility failed to prevent unauthorized disclosure of protected health information (PHI) for one patient (Patient 1), when her Emergency Department (ED) record, along with a bill for services, was sent to the wrong employer. This failed practice resulted in the potential for physical, emotional, and financial harm to the patient.Findings:During an interview with the facility Privacy Officer (PO) on August 3, 2015, at 2:50 p.m., the PO stated the business office sent a bill for ED services received by Patient 1 on May 28, 2015, along with a face sheet and examination and treatment information, to a business that they thought was the patient's employer. According to the PO, the business office received a phone call from that business on June 15, 2015, stating Patient 1 was not employed there, and they had sent the information to the wrong place.The documents that were sent to that business were reviewed on August 3, 2015. The documents included the following PHI for Patient 1:1. Name,2. Age;3. Birthdate;4. Sex;5. Address;6. Telephone number;7. Medical record number;8. Account number;9. Date of service;10. Chief complaint;11. Medical history;12. Physical examination findings; and,13. Types of x-rays done.Failure of the business office to verify the correct employer prior to sending the bill for services resulted in disclosure of PHI to unauthorized persons.

Outcome:

Deficiency cited by the California Department of Public Health: Health & Safety Code 1280

Related Reports:

1 other violation reported on the same date. Note that other citations may be about the same event: IKT411.01