This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.

RIVERSIDE COMMUNITY HOSPITAL

4445 MAGNOLIA AVENUE RIVERSIDE,CA 92501

Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on May 15, 2012. Also cited in 64 other reports.


Report ID: 6HVI11.01, California Department of Public Health

Reported Entity: RIVERSIDE COMMUNITY HOSPITAL

Issue:

Based on interview and document review, the facility failed for one patient (Patient A), to ensure that (PHI) Protected Health Information was not disclosed to any entity not authorized to receive the information. This failed practice resulted in unauthorized access to Patient A's demographic information and entire medical records.Findings:On May 15, 2012, an unannounced visit was made to the facility to investigate a breach of PHI.On May 15, 2012, at 2 p.m., an interview was conducted with the Facility Privacy Officer.The Health Port ( a contracted medical records service company) representative gave the copy service the wrong medical record to copy. Instead of giving the copy service Patient B's chart, the representative handed over Patient A's medical records, in error. The attorney called the medical records department when they noticed they received the wrong medical records. The Privacy Official stated the breach occurred because the employee did not verify the patient's name, and was at fault for releasing the wrong medical records to the attorney and the copying service. The facility's policy and procedures, titled, "Health Information Management," dated November 1, 2011, indicated, "The facility must take reasonable steps to safeguard and protect PHI. The facility must utilize appropriate administrative, physical, and technical safeguards in order to protect PHI from inappropriate and/or unauthorized access, use, and/or disclosures.The facility failed for Patient A, to ensure her Protected Health Information was not disclosed to any entity not authorized to receive the information.

Outcome:

Deficiency cited by the California Department of Public Health: Health & Safety Code 1280

Related Reports:

Do you believe your privacy has been violated? Here’s what you can do: