Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
RIVERSIDE COMMUNITY HOSPITAL
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on August 23, 2011. Also cited in 64 other reports.
Report ID: Y1BF11, California Department of Public Health
Reported Entity: RIVERSIDE COMMUNITY HOSPITAL
Issue:
Based on interview and record review, the facility failed to ensure Protected Health Information (PHI) for Patient A, was not disclosed to another patient. This failed practice resulted in the disclosure of PHI for Patient A to an unintended recipient.Findings:On August 23, 2011, at 10:30 a.m., an unannounced visit was made to the facility to investigate a breach of PHI.In a concurrent interview with the Privacy Official, she stated a registration clerk obtained information for Patient A for admission. The clerk did not clear the screen on the computer for Patient A. and began to enter information for Patient B. Patient B received the conditions of admission documents with the name, date of birth, medical record number, account number, date of service and the physician's name for Patient A.On August 23, 2011, the facility policy and procedure titled, "Safeguarding Protected Health Information," was reviewed. The policy revealed, "...Policy: The facility must take reasonable steps to safeguard and protect PHI. The facility must identify and utilize appropriate administrative, physical, and technical safeguards in order to protect PHI from inappropriate and/or unauthorized access, use, and/or disclosures..."
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280