Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
KAISER FOUNDATION HOSPITAL - RIVERSIDE
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on April 16, 2012. Also cited in 25 other reports.
Report ID: 1WT011.01, California Department of Public Health
Reported Entity: KAISER FOUNDATION HOSPITAL, RIVERSIDE
Issue:
Based on interview and record review, the facility failed to ensure all patient protected health information (PHI) was kept protected, which resulted in the unauthorized access of the patient's confidential information (Patient 2). Patient 2's confidential information was given to Patient 3 by a nurse when Patient 3 was discharged from the facility on April 24, 2012. This resulted in the unauthorized disclosure of Patient 2's protected health information.Findings:On April 16, 2012, at 9:05 a.m., an interview was conducted with the Director of Accreditation/Licensure & Regulatory Affairs (DALRA). The DALRA stated: a. On March 24, 2012, Patient 3 was discharged from the facility and the information/forms sent home with Patient 3 contained the "Our Home Has Grown by Two Feet!" which had Patient 2's PHI.b. On March 29, 2012, Patient 3 called the Family Care Center and informed them that she was in receipt of Patient 2's information.c. On March 29, 2012, the Clinical Director Perinatal Services was informed of the unauthorized disclosure of Patient 2's PHI and she informed the facility's Compliance Officer.Patient 3 received and had an opportunity to view Patient 2's PHI, which included name, gender, medical record number, date of birth, and admission date.Patient 2 was informed of the disclosure of her protected health information (PHI) via a telephone call from the Clinical Director Perinatal Services, on March 30, 2012, and a letter dated and mailed on March 30, 2012, to her last known address.The California Department of Public Health (CDPH) was notified via a telephone call of the unauthorized access of Patient 2's PHI, on April 3, 2012, and via facsimile by a letter dated April 6, 2012. The facility policy and procedure titled "Patients' Rights" revised June 2010, indicated "... To expect all communications and other records pertaining to their care, including the source of payment for treatment, to be treated as confidential. ..."The facility policy and procedure titled "Mitigation of Impermissible Uses and Disclosures of Protected Health Information" revised October 2010, indicated "... Protected Health Information (PHI). Individually identifiable health information, including demographic information ... such as name, date of birth, address, ..."The facility policy and procedure titled "Notification Regarding Breaches of Protected Health Information" revised October 4, 2010, indicated "... Licensee must report to CDPH any unlawful or unauthorized access to, or use or disclosure of, a patient's medical information, as defined, no later than 5 business days after the facility detects the above occurrence. ... A Licensee must also notify the affected patient (or, as applicable, the patient's representative) at the last known address, no later than 5 business days after the Licensee detects the unlawful or unauthorized access to, or use or disclosure of, the patient's medical information. ..."
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280