RIVERSIDE COMMUNITY HOSPITAL

Report ID: LG8F11, California Department of Public Health

Reported Entity: RIVERSIDE COMMUNITY HOSPITAL

Issue:

Based on interview and documents review, the facility failed, for one patient (Patient A), to ensure that Protected Health Information (PHI) was not disclosed to an entity not authorized to receive the information. Findings:On August 14, 2012, at 11:35 a.m., the Facility Privacy Officer (FPO) was interviewed. The FPO stated on March 16, 2012, Patient B called the facility to report that she had some kind of paperwork with her roommate's name (Patient A) on them. Patient B stated she would return the paperwork to the facility but never did. The FPO stated when the facility's Nursing Manager tried several times to contact Patient A, she did not response to her. The FPO stated they were not able to find out what kind of paperwork Patient B received. On May 16, 2013, at 2:58 p.m., a follow up call was made to the facility. A phone interview with the FPO was conducted. The FPO stated after investigating the incident, she found out that Patient A's discharge instructions forms were not being printed at the time Patient B was discharged. The FPO stated Patient B probably only received Patient A's hospital sticker, with the demographic information, on it. The PHI on the hospital sticker included patient's name, date of birth, sex, age, account number, and physician's name on it. On May 16, 2013, a review of facility documents included:a. A letter addressed to Patient A, dated March 23, 2012, indicated the facility notified Patient A of the privacy breach.

Outcome:

Deficiency cited by the California Department of Public Health: Health & Safety Code 1280