Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
RIVERSIDE COUNTY REGIONAL MEDICAL CENTER
Cited by the California Department of Public Health for violations of California’s Health and Safety Code relating to medical privacy during an inspection that began on August 13, 2013. Also cited in 123 other reports.
Report ID: OOXU11.03, California Department of Public Health
Reported Entity: RIVERSIDE COUNTY REGIONAL MEDICAL CENTER
Issue:
Based on interview and record review, the facility failed to ensure an unauthorized disclosure of Patient A's PHI (protected health information, was reported to the patient no later than five days after the disclosure was detected. The facility detected the breach on July 18, 2013, and notified the patient 13 days later, six days after the mandated timefrome for the facility to notify the patient of the event.Findings:On August 13, 2013, an unannounced visit was made to the facility to investigate an entity reported breach of PHI (protected health information). An interview was conducted with the facility's Compliance and Privacy Officer (PO), on August 13, 2013, at 4:40 p.m. The PO stated the breach occurred on July 18, 2013. The radiology employee reviewed Patient A's radiology orders and made copies of the records without permission on July 18, 2013. The PO stated the employee who caused the breach was going through a disciplinary action with the facility and a meeting had been scheduled with human resourses. The employee made copies of Patient A's medical record to help defend her case. The PO stated after the HR meeting, the employee folded the copies and put them in her pocket. The HR department reported the incident to the compliance department on July 31, 2013. The facility policy and procedure titled, "Breach of Patient Privacy: Reporting Requirements," was reviewed. The policy indicated, "The violation will be reported to the patient and Stated within no more than (5) calendar days from identification of the unlawful or unauthorized access to, or use or disclosure of the patient's medical information..."
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280