This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.

RIVERSIDE COMMUNITY HOSPITAL

4445 MAGNOLIA AVENUE RIVERSIDE,CA 92501

Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on April 21, 2011. Also cited in 64 other reports.


Report ID: KHWI11, California Department of Public Health

Reported Entity: RIVERSIDE COMMUNITY HOSPITAL

Issue:

Based on interview and documents review, the facility failed, for one patient (Patient A), to ensure that Protected Health Information (PHI) was not disclosed to an entity not authorized to receive the information. This failed practice had a potential to result in medical identity theft and/or fraud. Findings:On April 21, 2011, an investigation regarding unauthorized disclosure of Patient A's PHI was conducted. On May 16, 2013, at 2:27 p.m., a follow up phone call was made to the facility. A phone interview with the Facility Privacy Officer (FPO) was conducted. The FPO stated Patient A and Patient B both requested their medical records. An employee of the contracted medical information company sent both Patient A and Patient Bs' records to Patient B. Patient B notified the facility that she received Patient A's records on January 27, 2011. Patient B returned Patient A's records to the facility on the same day. The FPO stated she kept the copies of Patient A's records with her investigation documents. The FPO stated a letter was sent to Patient A, notified her of the privacy breach. On May 16, 2013, a review of facility documents included:a. Patient A's medical records. The PHI included patient's name, date of birth, sex, age, social security number, ethnicity, address, phone number, next of kin information, insurance information, diagnoses, account number, medications, consultation reports, all health and medical related information of Patient A. b. A letter addressed to Patient A, dated February 2, 2011, indicated the facility notified Patient A of the privacy breach.

Outcome:

Deficiency cited by the California Department of Public Health: Health & Safety Code 1280

Do you believe your privacy has been violated? Here’s what you can do: