Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
KAISER FOUNDATION HOSPITAL - RIVERSIDE
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on July 2, 2014. Also cited in 25 other reports.
Report ID: 4PW911, California Department of Public Health
Reported Entity: KAISER FOUNDATION HOSPITAL, RIVERSIDE
Issue:
Based on interview and record review, the facility failed to ensure Patient A's private health information was protected from misuse by unauthorized entities, when the patient's information was faxed to an unauthorized recipient. This failure to ensure patient information was sent to the appropriate receiver put Patient A at risk for misuse of private health information.Findings:During an interview with the Compliance Project Manager (CPM), on July 2, 2014, at 10:30 a.m., the CPM stated a fax meant for an insurance company was inadvertently faxed to the wrong recipient. The CPM stated the document contained Patient A's name, date of birth, medical record number and last four digits of the patient's social security number. The CPM also stated the document contained medical information, including the patient's diagnosis and dates of service. A copy of the letter sent to Patient A was reviewed on July 2, 2014. The letter indicated, "Documents containing your protected health information were inadvertently faxed to an outside agency. The agency destroyed the documents received. The following information was available for viewing: Your name, medical record number, address, date of birth, last four digits of you social security number, disability information, discharge summary, medication, operative report, history and physical examination and diagnosis."A review of the facility policy, "Mitigation of Impermissible Uses and Disclosures of Protected Health Information (Revision Effective: September 23, 2013)," was conducted. The policy indicated, "(the facility) must take action to reduce or eliminate, to the extent feasible, any known compromise caused by an impermissible use or disclosure of Protected Health Information..."A review of the facility Policy, "Electronic Communication Functions," with a last reviewed date of August 2012, was conducted. The policy indicated, "Verify fax numbers before sending non-public information to assure numbers are correct for the intended addressees and to assure the receiving fax machines are either in secure, non-public areas or that intended recipients or their designee are at the fax machines awaiting the fax messages."
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280