Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
RIVERSIDE COUNTY REGIONAL MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on February 6, 2014. Also cited in 123 other reports.
Report ID: D30S11, California Department of Public Health
Reported Entity: RIVERSIDE COUNTY REGIONAL MEDICAL CENTER
Issue:
Based on interview and document review, the facility failed to ensure for one patient (Patient A), that his protected health information (PHI) was not disclosed to any entity not authorized to receive the information. This failure resulted in unauthorized access of Patient A's PHI, including the patient's name, date of birth, medical record number and account number.Findings:On February 6, 2014, at 8:45 a.m., a telephone interview was conducted with the Administrative Services Officer (ASO). The ASO stated a physician's procedure note containing Patient A's demographic information with his name, date of birth, medical record number and account number was incorrectly transcribed into a procedure note for Patient B. The ASO stated the physician dictated the procedure note into a tape recorder and mistakenly entered Patient A's demographic information, however, the physician was referring to a procedure performed on Patient B. The ASO stated the medical transcriber did not catch the error while transcribing the note from the tape recorder into the computer, and the procedure note was automatically sent to another facility for billing purposes. The ASO stated the transcriptionist was supposed to check if the patient's name and medical record number matched when transcribing a physician's procedure note, but it was not done. The ASO stated neither Patient A or B received a copy of the note, only the medical biller at the other facility viewed the note with Patient A's demographic information on it. The ASO further stated Patient A was notified by letter on December 20, 2013, about the release of the information.The facility's policy and procedure titled, "Patient Privacy, Confidentiality, Medical Records, And Access To, Or Release Or Disclosure Of, Patient Information," revised March 16, 2003, was reviewed. The policy indicated, "(Facility) has established and shall maintain appropriate administrative, technical, and physical safeguards to protect the privacy of a patient's medical information. (Facility) and its personnel shall reasonably safeguard confidential medical information from any unauthorized access or unlawful access use, or disclosure."
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280