Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
RIVERSIDE COUNTY REGIONAL MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on August 28, 2012. Also cited in 123 other reports.
Report ID: 1NSR11.01, California Department of Public Health
Reported Entity: RIVERSIDE COUNTY REGIONAL MEDICAL CENTER
Issue:
Based on interview and record review, the facility failed to prevent unauthorized disclosure of PHI when an ED nurse disclosed a confidential diagnosis to the mother of one patient (Patient 1). This failed practice resulted in the potential for emotional harm to Patient 1.Findings:During an interview with the facility CPO on August 28, 2012, the CPO stated an ED nurse was working in triage on August 14, 2012, when the mother of Patient 1 came to him and asked how much longer the wait for her son would be. When the ED nurse attempted to identify the patient she was talking about, he identified Patient 1 by his (confidential) diagnosis.The MR for Patient 1 was reviewed on August 28, 2012. The record indicated Patient 1, a 25 year old male, presented to the ED with abdominal pain, possibly related to a primary confidential diagnosis.The facility report of the investigation of the event was reviewed on August 28, 2012. The report indicated when Patient 1 was triaged, he informed the triage RN, in private, he was having abdominal pain, and that he also had (a confidential diagnosis). According to the report, while Patient 1 and his mother were waiting in the waiting area, his mother became concerned about how long they had been waiting, and went to ask the triage RN when her son would be seen. The triage RN answered with, "Oh, the (confidential diagnosis) guy." The report indicated Patient 1 overheard this conversation, and stated, "Oh no, I didn't want her to know (about the confidential diagnosis)."The facility document titled, "(confidential diagnosis) results," was reviewed on August 28, 2012. The document indicated the patient's written authorization was required for the release of the (confidential diagnosis) results.The facility policy titled, "Patient Privacy, Confidentiality, Medical Records, and Access to, or Release or Disclosure of, Patient Information," was reviewed on August 28, 2012. The policy indicated personnel shall maintain the confidentiality/privacy of information contained in the medical records of patients and, except for the purposes of treatment, payment, or healthcare operations, shall not disclose patient information without the patient's written authorization.The investigation reprot indicated there was no authorization or consent for disclosure of PHI in the MR of Patient 1.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280