This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.

RIVERSIDE COMMUNITY HOSPITAL

4445 MAGNOLIA AVENUE RIVERSIDE,CA 92501

Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on September 4, 2013. Also cited in 64 other reports.


Report ID: GPB811, California Department of Public Health

Reported Entity: RIVERSIDE COMMUNITY HOSPITAL

Issue:

Based on interview and document review, the facility failed to ensure that Patient A's Protected Health Information (PHI) was not disclosed to any entity not authorized to receive the information. This failed practice resulted in unauthorized access to Patient A's demographic information and medical records.Findings:An unannounced visit was made on September 4, 2013, to investigate a facility self reported breach incident. On September 4, 2013, at 1 p.m., an interview was conducted with the compliance officer, and quality director. The compliance officer stated the hospital became aware of the breach on August 6, 2013, when Patient B brought the medical records back and reported the incident to the hospital. Patient A and B were both discharged on the same day, and the nurse gave Patient B the wrong discharge documents. Patient B received Patient A's medical records. The records contained date of birth, date of service, medications, treatment information, physician orders, Patient B's full name and medical records numbers, diagnoses, and information regarding Patient B's medical conditions. The facility's policy and procedure titled, Safeguarding Protected Health Information, was reviewed. The policy indicated, "The facility will take reasonable steps to safeguard and protect PHI..."The facility failed to ensure Patient A's Protected Health Information was not disclosed to any entity not authorized to receive the information.

Outcome:

Deficiency cited by the California Department of Public Health: Health & Safety Code 1280

Do you believe your privacy has been violated? Here’s what you can do: