Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
RIVERSIDE COUNTY REGIONAL MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on January 15, 2014. Also cited in 123 other reports.
Report ID: H1FZ11.01, California Department of Public Health
Reported Entity: RIVERSIDE COUNTY REGIONAL MEDICAL CENTER
Issue:
Based on interview and record review, the facility failed to protect Patient 1's protected health information (PHI) from unauthorized disclosure. Patient 1's "Authorization for Release of Medical Record Information," was inadvertently faxed to the wrong recipient. This resulted in the potential for misuse of Patient 1's PHI. Findings:On January 15, 2014, at 3 p.m., the Administrative Services Officer (ASO) was interviewed. The ASO stated on December 14, 2014, Patient 1's primary care physician faxed a signed authorization to release Patient 1's medical record to Health Information Services (HIS). At the same time another health insurance group faxed an incomplete authorization for release of Patient 2's medical record. The HIS staff incorrectly thought the two faxes were both for Patient 2, and sent both authorizations (including Patient 1's) back to the health insurance group, with a note that they were unable to process request due to "Signature does not match or records."The ASO stated the insurance group notified the facility of the mis-directed fax, and receipt of Patient 1's private information on December 23, 2013.The "Authorization for Release of Medical Record Information," for Patient 1 was reviewed. The authorization contained Patient 1's name, date of birth, address, telephone number, and medical record number.A review of the facility policy, "Patient Privacy, Confidentiality, Medical Records, And Access To, Or Release Or Disclosure Of, Patient Information, (Revised Date: 01/02/09)," indicated, "(The facility) and its personnel shall reasonably safeguard confidential medical information from any unauthorized access or unlawful access use, or disclosure."
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280