Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
RIVERSIDE COMMUNITY HOSPITAL
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on May 15, 2012. Also cited in 64 other reports.
Report ID: 7UQ411.01, California Department of Public Health
Reported Entity: RIVERSIDE COMMUNITY HOSPITAL
Issue:
Based on interview and document review, the facility failed for one patient (Patient A), to ensure that (PHI) Protected Health Information was not disclosed to any entity not authorized to receive the information. This failed practice resulted in unauthorized access to Patient A's demographic information and entire medical records.Findings:On May 15, 2012, an unannounced visit was made to the facility to investigate a breach of PHI.On May 15, 2012, at 3 p.m., an interview was conducted with the Facility Privacy Officer.The Facility Privacy Officer stated on November 23, 2011, Patient A's mother requested her daughter's medical records. The Health Port ( a contracted medical records service company) representative copied and mailed the medicals record to the wrong address. On December 1, 2011, the person who received the records called the hospital and reported that she had received Patient A's medical records. The hospital staff requested that the caller bring the copies back to the hospital, but the caller never did. The hospital was not able to retrieve Patient A's medical records. The Privacy Official stated the breach occurred because the employee did not verify the patient's address prior to mailing the medical records, and was at fault for releasing Patient A's medical records to the wrong person. The facility's policy and procedures, titled, "Health information Management," dated November 1, 2011, indicated, "The facility must take reasonable steps to safeguard and protect PHI. The facility must utilize appropriate administrative, physical, and technical safeguards in order to protect PHI from inappropriate and/or unauthorized access, use, and/or disclosures.The facility failed for Patient A, to ensure her Protected Health Information was not disclosed to any entity not authorized to receive the information.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280