Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
RIVERSIDE COUNTY REGIONAL MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on December 4, 2014. Also cited in 123 other reports.
Report ID: KTVB11.01, California Department of Public Health
Reported Entity: RIVERSIDE COUNTY REGIONAL MEDICAL CENTER
Issue:
Based on staff interview and record review the facility failed to prevent the unauthorized access and/or disclosure of Patient 1's private health information (PHI) during the discharge process. Patient 1's PHI was inadvertently given to another patient (Patient 2) during the discharge process. This had the potential to result in the misuse of Patient 1's private health information.Findings:On December 4, 2014, at 2:45 p.m., an interview was conducted with the facility's Administrative Services Officer (ASO). The ASO stated the Emergency Department's Nurse (ED Nurse) did not use two patient identifiers when discharging Patient 2 to match paperwork to the current patient being discharged. Patient 2 received Patient 1's discharge information.A review of the facility letter sent to Patient 1 on November 21, 2014, indicated, "This disclosure occurred on November 13, 2014, when your paperwork titled, "Instructions to the Emergency Patient," from the Emergency Department was provided to another patient (Patient 2). The paperwork included your name, date of birth, medical record number, and account number. The original paperwork was returned to the Emergency Department."A review of the facility policy titled, "Hospital-name withheld, Patient Care Services," dated May 2012, indicated, "All healthcare team members will use two unique, patient-specific identifiers to assist in correct identification of the patient...When identifying a patient, two of the following patient identifiers are mandatory: Patient name andPatient date of birthMedical Record Number...Patient identification shall be verified prior to care, treatment, or service in the treatment cycle such as but not limited to: ...registration, transportation, and discharge of patients."The facility failed to follow procedure to match discharge paperwork with the identified patient (Patient 2) being discharged. This had the potential to result in the misuse of Patient 1's private health information when PHI was inadvertently given to Patient 2.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280