Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
RIVERSIDE COMMUNITY HOSPITAL
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on September 29, 2011. Also cited in 64 other reports.
Report ID: ACWO11, California Department of Public Health
Reported Entity: RIVERSIDE COMMUNITY HOSPITAL
Issue:
Based on observation, interview and facility document review, the facility failed to ensure Patient's 1 confidential information was kept protected by failing to dial the correct fax number, which resulted in the unauthorized disclosure of Patient 1's confidential information to an unintended individual. Findings:On September 29, 2009, at 1:30 p.m., an unannounced visit was made to the facility to investigate a breach of Protected Health Information.In an interview with the Medical Record Supervisor on September 29, 2009, at 1:55 p.m. she stated on September 15, 2009, a contracted medical record supervisor faxed Patient 1's medical information to a private resident in another state. She further stated that the supervisor had verified the fax number with the patient but when she wrote it down on the cover sheet, she incorrectly wrote the fax number.Further interview with the Medical Record Supervisor on September 29, 2009, at 2:30 p.m., she stated that this facility received a voice message on September 17, 2009, indicating she (caller) received records that was intended for another individual.On September 29, 2009, at 2:10 p.m., observation of a reminder note on the fax machine on which the documents were sent indicated the following:1. Get the fax straight before you send.2. Save cost accidental PHI disclosures can be expensive errors.3. Verify the number.4. Verify the Recipient5. Double check, then send. On August 31, 2009, at 11:30 a.m., Patient 1's record was reviewed with the privacy official. The following information was released : 1. Patient 1's hospital account numbers, patient's first, middle initial, and last name, date of birth, gender, age, admit and discharge date, and name of physicians. 2. Emergency Room Treatment Summary which included date of treatment, chief complaint, history of present illness, current medications, social history, review of systems, physical examination, ER diagnostics, ER course and management, impression, and plan.3. Procedure done, premedications, assistant, post endoscopic diagnoses, procedure and findings, final impression, history and physical, and plan.4. Exams: A. Abdomen 1V / KUB, Clinical History, and Impression.B. CT of Abdomen and Pelvis with contrast, which included History, Procedures, Abdominal Findings, Pelvic Findings, and Impression.5. Laboratory Inquiry Report which included case #, surgical information, gross description, microscopic, and final diagnosis.6. Clinical Laboratory which included basic panels, hepatic function, nutritions assessment, and special chemistry - endocrinology.7. Hematology8. Microbiology, Aerobic cultures for stool.9. Discharge Summary which included, treated diagnoses, history, procedure done, indication, date of procedure, premedications, and post endoscopic diagnoses. On August 31, 2012, the facility's P&P titled, "FAXING PROTECTED HEALTH INFORMATION (PHI)" was reviewed. The P & P indicated, under "Procedure:"A. Verify the fax number:1. Verify fax number and recipient before sending the fax, including name, organization, and fax number.2. Wait for the confirmation from the fax machine after the fax has been sent.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280