Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
RIVERSIDE COMMUNITY HOSPITAL
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on June 19, 2014. Also cited in 64 other reports.
Report ID: 30O511, California Department of Public Health
Reported Entity: RIVERSIDE COMMUNITY HOSPITAL
Issue:
Based on interview and record review, the facility failed to ensure all patient protected health information (PHI) was kept protected, which resulted in the unauthorized access of the patient's confidential information (Patient 5 - a minor child). Patient 5's confidential information was given to Patient 6 (an adult not related to Patient 5) on June 11, 2014, upon discharge from the facility. This resulted in the unauthorized disclosure of Patient 5's protected health information (PHI).Findings:On June 19, 2014, at 10 a.m., an interview was conducted with the Manager of Health Insurance Portability and Accountability Act Services (MHS). She stated: a. On June 11, 2014, discharge instructions, pertaining to a newborn, were provided to Patient 6.b. On June 12, 2014, a facility employee was "breaking down" the record for Patient 8 (a minor child), and found the "Infant Discharge Instructions" for Patient 5 (a minor child), signed by Patient 6 (an adult not related to Patient 5), in Patient 8's record.c. On June 12, 2014, the facility employee informed the Unit Director and Patient 6 of the incorrect discharge instructions for Patient 5 being given to Patient 6.d. On June 13, 2014, Patient 6 was again contacted and she stated she would return Patient 5's discharge instructions via US mail.e. On June 17, 2014, the facility received Patient 5's "Infant Discharge Instructions" from Patient 6.Patient 6 received and had an opportunity to view Patient 5's (a minor child) PHI, which included name; gender; date of birth; medical record number; account number; physician; and medical information to include weight, hearing screening results and follow-up instructions.Patient 5/Patient 5's responsible party was informed of the disclosure of Patient 5's protected health information (PHI) via a letter dated and mailed on June 18, 2014.The California Department of Public Health (CDPH) was notified via a facsimile received on June 18, 2014; and a letter dated and mailed on June 18, 2014, of the unauthorized access of Patient 5's PHI.The facility document "Patient Discharge Documentation Final Check" reviewed November 13, 2013, revealed "... Printed Discharge Instructions Must Include: ... Verify each page of the discharge instructions for the correct patient identification. ..."
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280