Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
RIVERSIDE COUNTY REGIONAL MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on January 28, 2014. Also cited in 123 other reports.
Report ID: 8JC511.01, California Department of Public Health
Reported Entity: RIVERSIDE COUNTY REGIONAL MEDICAL CENTER
Issue:
Based on interview and record review, the facility failed to prevent the unauthorized access and or disclosure of Patient A's medical/private information to an entity not authorized to receive the information. This failure resulted in Patient A's name being placed on a firearm prohibition list. Findings:On November 6, 2013, the facility notified the California Department of Public Health that Patient A's protected health information (PHI) was reported to the Department of Justice, in error.During an interview with the Compliance Officer (CO), on January 28, 2014, at 9:30 a.m., she stated on October 31, 2013, Patient A reported that his information had been sent to the Department of Justice. The CO stated the investigation revealed Patient A's information had been used to register Patient B, then sent to the DOJ as part of a required "Firearms Prohibition," reporting system. A copy of a letter sent to Patient A, on November 6, 2013, was reviewed. The letter indicated the facility was "writing...with important information about a recent unauthorized disclosure of you patient information." According to the letter, the patient's name, date of birth, home address, social security number and medical record number were given to the DOJ. The facility policy and procedure titled "Patient Privacy, Confidentiality, Medical Records, and Access to,, or Release or Disclosure of, Patient Information," revised on January 2, 2009, was reviewed. The policy indicated its purpose was "To protect patients' rights to privacy and security of their healthcare information..." An untitled policy, with a revised date of May 1, 2012, indicated its purpose was to provide accurate identification of patients, minimizing related medical errors and patient harm. The policy indicated "Patients are identified at the point they enter the Hospital system...Prior to initiation of any registration, the admission and Collections Clerk will confirm through interview the identification of the patient using the following acceptable identifications..."
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280