Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
RIVERSIDE COMMUNITY HOSPITAL
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on December 28, 2011. Also cited in 64 other reports.
Report ID: GCEG11, California Department of Public Health
Reported Entity: RIVERSIDE COMMUNITY HOSPITAL
Issue:
Based on interview and record review, the facility failed to ensure Patient A's protected health information (PHI) on a compact disc (CD), was not given to another patient. This resulted in the unauthorized disclosure of Patient A's PHI, which created the potential for unauthorized use.Findings:On December 28, 2011, at 1:45 p.m., an unannounced visit was made to the facility to investigate a breach of PHI.On December 28, 2011, at 1:50 p.m., the Facility Privacy Official, was interviewed. The Privacy Official stated on December 12, 2011, a Physician's Assistant (PA) gave a CD for Patient A to Patient B, in the Emergency Department (ED). The CD was delivered from the Radiology Department. The Radiology Department delivered the wrong CD.The CD contained Patient A's name, date of birth, medical record number, and the title and date of exam. Patient B returned the CD to the facility on December 16, 2011.On December 28, 2011, at 2:30 p.m., the Director of Emergency Services, was interviewed. The Director stated the Charge Nurse usually checked the CD with another nurse to verify the CD is for the correct patient. The PA did not verify the CD was for the correct patient.On December 28, 2011, the facility policy and procedure titled, "Safeguarding Protected Health Information," was reviewed. The policy revealed, "...The facility must take reasonable steps to safeguard and protect PHI. The facility must identify and utilize appropriate administrative, physical, and technical safeguards in order to protect PHI from inappropriate and/or unauthorized access, use, and/or disclosures..."
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280