RIVERSIDE COMMUNITY HOSPITAL

Report ID: KJF111.01, California Department of Public Health

Reported Entity: RIVERSIDE COMMUNITY HOSPITAL

Issue:

Based on interview and record review, the facility failed to prevent the unauthorized access and /or disclosure of Patient A and B's protected health information (PHI). This had the potential to result in the misuse of the patients' private demographic information. Findings: On October 31, 2013, at 2 p.m., an investigation was conducted for this entity reported incident. On October 31, 2013, at 2 p.m., the Facility Privacy Official (FPO) was interviewed. The FPO stated on October 1, 2013, the Information Technology Department was performing a data transfer, when Patient A's and Patient B's demographic information, (including the patients' names, social sectary number and address), was sent to an out of state facility. The FPO stated a "filter was not set correctly," and these two patients' information was inadvertently sent. On October 31, 2013, letters sent to both Patient A and Patient B were reviewed. The letters indicated "a recent disclosure of your protected health information," had occurred. According to the letters, demographic information had been disclosed to and out of state facility. The facility policy titled, "Safeguarding Protected Health Information," with an effective date of November 1, 2011, was reviewed. The policy indicated: "Purpose: to facilitate compliance...To establish guidelines for protecting and safeguarding protected health information... The facility must take reasonable steps to safeguard and protect PHI..."

Outcome:

Deficiency cited by the California Department of Public Health: Health & Safety Code 1280

Related Reports:

1 other violation reported on the same date. Note that other citations may be about the same event: UVSS11.01