RIVERSIDE COMMUNITY HOSPITAL

Report ID: 6HVI11.01, California Department of Public Health

Reported Entity: RIVERSIDE COMMUNITY HOSPITAL

Issue:

Based on interview and document review, the facility failed for one patient (Patient A), to ensure that (PHI) Protected Health Information was not disclosed to any entity not authorized to receive the information. This failed practice resulted in unauthorized access to Patient A's demographic information and entire medical records.Findings:On May 15, 2012, an unannounced visit was made to the facility to investigate a breach of PHI.On May 15, 2012, at 2 p.m., an interview was conducted with the Facility Privacy Officer.The Health Port ( a contracted medical records service company) representative gave the copy service the wrong medical record to copy. Instead of giving the copy service Patient B's chart, the representative handed over Patient A's medical records, in error. The attorney called the medical records department when they noticed they received the wrong medical records. The Privacy Official stated the breach occurred because the employee did not verify the patient's name, and was at fault for releasing the wrong medical records to the attorney and the copying service. The facility's policy and procedures, titled, "Health Information Management," dated November 1, 2011, indicated, "The facility must take reasonable steps to safeguard and protect PHI. The facility must utilize appropriate administrative, physical, and technical safeguards in order to protect PHI from inappropriate and/or unauthorized access, use, and/or disclosures.The facility failed for Patient A, to ensure her Protected Health Information was not disclosed to any entity not authorized to receive the information.

Outcome:

Deficiency cited by the California Department of Public Health: Health & Safety Code 1280

Related Reports:

2 other violations reported on the same date. Note that other citations may be about the same event: 7UQ411.01, GEDZ11.01