Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
RIVERSIDE COMMUNITY HOSPITAL
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on June 30, 2015. Also cited in 64 other reports.
Report ID: J0HX11, California Department of Public Health
Reported Entity: RIVERSIDE COMMUNITY HOSPITAL
Issue:
Based on staff interview and record review, the facility failed to prevent the unauthorized access and/or disclosure of Patient A's private health information (PHI), when a document containing Patient A's discharge medications was given to Patient B with discharge. This had the potential to result in misuse of Patient A's private health information.Findings:On June 30, 2015, at 8:30 a.m., an investigation was conducted on this entity reported incident. On June 30, 2015, at 8:30 a.m., the facility Health Insurance Portability and Accountability Act (HIPPA) Manager (HM) was interviewed. The HM stated an unauthorized disclosure of Patient A's PHI, a copy of a discharge medication list, was given to another patient (Patient B), during discharge. The recipient (Patient B) brought the list of information back to the hospital after he acknowledged the medication list did not pertain to him. The following information was originally intended to be given to Patient A: a medication list containing multiple discharge medications, medical record number, account number, physician's name, Patient A's name, and date of birth.During a concurrent interview with the HM, the HM stated, the discharge nurse should visually check each individual discharge paper and have those papers presented as a packet to the charge nurse. The charge nurse would then do her own inspection of the discharge packet and sign off on the packet prior to the patient receiving the discharge instructions.Record review was conducted of the facility policy titled, "Safeguarding Protected Health Information," approval dated, September 23, 2013. The facility policy indicated, "Facilities must have a process in place to verify documents are for the correct patient prior to providing the documents to the recipient (example given, verify recipient and content prior to giving discharge papers to an individual."The facility failed to maintain Patient A's PHI when a discharge nurse gave Patient B Patient A's discharge medication list. This had the potential to result in misuse of Patient A's private health information.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280