HIPAA Helper »
RIVERSIDE COMMUNITY HOSPITAL »
Jan 10, 2013

This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.

RIVERSIDE COMMUNITY HOSPITAL

4445 MAGNOLIA AVENUE RIVERSIDE,CA 92501

Cited by the California Department of Public Health for violations of California’s Health and Safety Code relating to medical privacy during an inspection that began on January 10, 2013. Also cited in 64 other reports.

Report ID: VT0Q11.01, California Department of Public Health

Reported Entity: RIVERSIDE COMMUNITY HOSPITAL

Issue:

Based on interview and document review, the facility failed for one patient (Patient A), to ensure that (PHI) Protected Health Information was not disclosed to any entity not authorized to receive the information. This failed practice resulted in unauthorized access to Patient A's demographic information and medical records.Findings:On January 10, 2013, an unannounced visit was made to the facility to investigate a self-reported breach of PHI (protected health information).An interview was conducted with the Facility Privacy Officer (FPO), on January 10, 2013, at 10 a.m. The FPO stated the breach occurred on November 21, 2012. The FPO stated two breaches occurred with this case. The first breach occurred when a nurse told a security officer that Patient A was an employee of the hospital. The second breach occurred when the security officer looked up Patient A's information, took a picture of Patient A and copies of the incident report to Human Resources and told them to terminate Patient A's employment with the hospital because he was combative as a patient. The security officer then took Patient A's photo to the front desk and told staff not to let Patient A back into the hospital. The security officer instructed the front desk staff to escort Patient A off the premises if they saw Patient A entering the hospital.The facility's policy and procedure titled, Safeguarding Protected Health Information, was reviewed. The policy indicated, "The facility will take reasonable steps to safeguard and protect PHI...this policy addresses oral and paper-based PHI...Workforce members may only discuss PHI with other workforce members who have legitimate "need to know"...must ensure that reasonable safeguards are in place when..."The facility failed to ensure Patient A's PHI was not disclosed to any entity not authorized to receive the information.

Outcome:

Deficiency cited by the California Department of Public Health: Health & Safety Code 1280

Related Reports:

The report containing this deficiency also includes information about 1 other violation. Note that these may be related to the same event: VT0Q11.02

1 other violation reported on the same date. Note that other citations may be about the same event: 42EF11.01

Do you believe your privacy has been violated? Here’s what you can do: