Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
RIVERSIDE COMMUNITY HOSPITAL
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on November 6, 2014. Also cited in 64 other reports.
Report ID: CBR711, California Department of Public Health
Reported Entity: RIVERSIDE COMMUNITY HOSPITAL
Issue:
Based on staff interview and record review the facility failed to prevent the unauthorized access and/or disclosure of Patient 1's private health information (PHI) during the discharge process. Patient 1's private health information was inadvertently given to Patient 2 during Patient 2's discharge. This had the potential to result in the misuse of Patient 1's private health information.Findings:On November 10, 2014, at 11:30 a.m., the facility's Privacy Protection Office Manager (PPOM) was interviewed. The PPOM stated, "The patient's (Patient 1's) demographic information was accidentally given to another patient (Patient 2) during the discharge process. The patient (Patient 2) did leave the facility with the private information. The patient (Patient 2) drove back to the facility and dropped the (PHI) papers off. The information was immediately returned."A review of the facility letter sent to Patient 1 on November 3, 2014, indicated,"The disclosure involved...demographic information: name, date of birth, sexual orientation, medical record number, account number, physician's name, discharge status, discharge instructions pertaining to "Monitoring Fetal Movement (Kick Counts), information on quitting smoking, and when to call the physician."A review was conducted of the facility policy, "Discharge/Teaching Infant/Mother Education" revised date of October 2011. The policy indicated, "Discharge instructions-two patient identifiers (information used with the discharge process-such as the patient stating name to match paperwork, identification band matching paperwork).The facility failed to follow procedure with patient identifiers used to match discharge paperwork with the actual patient (Patient 2) being discharged. This had the potential to result in the misuse of Patient 1's private health information when PHI was inadvertently given to Patient 2.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280