Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
RIVERSIDE COUNTY REGIONAL MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on December 5, 2014. Also cited in 123 other reports.
Report ID: 6GQN11, California Department of Public Health
Reported Entity: RIVERSIDE COUNTY REGIONAL MEDICAL CENTER
Issue:
Based on staff interview and record review the facility failed to prevent the unauthorized access and/or disclosure of Patient 1's private health information (PHI). During the discharge process, Patient 1's prescription copy was inadvertently given to Patient 2. This had the potential to result in the misuse of Patient 1's private health information.Findings:On December 4, 2014 at 3 p.m., an interview was conducted with the facility's Administrative Services Officer (ASO). The ASO stated, "During Patient 2's discharge, Patient 2 was inadvertently given a copy of Patient 1's prescription from the fax machine. Patient 2 turned the prescription into the pharmacy and the pharmacy confiscated the prescription. Patient 2 did not receive Patient 1's prescribed medications."A review of the facility letter was sent to Patient 1's gaurdian (Patient 1 was a minor) on November 21, 2014. The letter indicated,"This disclosure occurred on November 20, 2014, when the prescription from the Same Day Surgery was provided to another patient (Patient 2). The prescription included her name, date of birth, medical record number, account number, and the name of the medication prescribed to her. The original prescription was returned to the Same Day Surgery."A review was conducted of the facility policy," (Hospital name withheld) HIPPA policy-Health Information Portability and Accountability Act," dated October 25, 2014. The policy indicated, "Departments intended recipients of faxes that contain PHI shall take steps to protect faxes from being viewed or received by someone else. These steps include, but are not limited to, the following:...Remove incoming faxes promptly and route to the intended recipient. It should never be left in public locations."The facility failed to follow procedure with the routing of the faxed copy to the intended recipient, Patient 1.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280