RIVERSIDE COMMUNITY HOSPITAL

Report ID: GEDZ11.01, California Department of Public Health

Reported Entity: RIVERSIDE COMMUNITY HOSPITAL

Issue:

Based on interview and document review, the facility failed for one patient (Patient A), to ensure that (PHI) Protected Health Information was not disclosed to any entity not authorized to receive the information. This failed practice resulted in unauthorized access to Patient A's demographic information and entire medical records.Findings:On May 15, 2012, an unannounced visit was made to the facility to investigate a breach of PHI.On May 15, 2012, at 3 p.m., an interview was conducted with the Facility Privacy Officer.The Facility Privacy Officer stated the breach was brought to their attention on January 24, 2012, while a medical clerk was reviewing medical records. The medical clerk noticed that restraint records for Patient A had been filed in Patient B's medical records. The Facility Privacy Officer stated after investigating the incident, they realized the breach occurred approximately eleven years ago, and were not able to identify who was responsible for the incident. The facility's policy and procedures, titled, "Health information Management," dated November 1, 2011, indicated, "The facility must take reasonable steps to safeguard and protect PHI. The facility must utilize appropriate administrative, physical, and technical safeguards in order to protect PHI from inappropriate and/or unauthorized access, use, and/or disclosures.The facility failed for Patient A, to ensure her Protected Health Information was not disclosed to any entity not authorized to receive the information.

Outcome:

Deficiency cited by the California Department of Public Health: Health & Safety Code 1280

Related Reports:

2 other violations reported on the same date. Note that other citations may be about the same event: 6HVI11.01, 7UQ411.01