Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
RIVERSIDE COMMUNITY HOSPITAL
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on February 13, 2014. Also cited in 64 other reports.
Report ID: JMK811, California Department of Public Health
Reported Entity: RIVERSIDE COMMUNITY HOSPITAL
Issue:
Based on staff interview and record review, the facility failed to prevent the unauthorized access and/or disclosure of Patient A's protected health information (PHI), when a document containing Patient A's information was given to the wrong patient. This had the potential to result in the misuse of the patients' private demographic and health information.Findings:On February 13, 2014, at 9:00 a.m., an investigation was conducted for this entity reported incident.On February 13, 2014, at 9:20 a.m., the Facility Privacy Official (FPO) was interviewed. The FPO stated on January 28, 2014, an unauthorized disclosure of Patient A's PHI occurred. The FPO stated on January 21, 2014, the responsible party for Patient A, received documents meant for another patient. A review of the FPO documentation which was given to the wrong patient included Patient A's name, date of birth, medical record number, and nursing progress notes related to Patient A.On February 10, and February 11, 2014, a letter was sent (multiple attempts) to Patient A's last known address, but all letters were returned and stamped, "not at this address and undeliverable." The letter indicated, "We are writing to inform you that on January 28, 2014, a recent unauthorized disclosure of a patient's protected health information. The disclosure involved (1) patient (name of patient and his medical record) who received services at our facility. The information included the following direct identifiers: demographic information and clinical information."On February 13, 2014, a review of the facility policy titled, "Safeguarding Protected Health Information," with an effective date of September 23, 2013, was done. The policy indicated: "Purpose: to facilitate compliance ...To establish guidelines for protecting and safeguarding protected health information ...The facility must take reasonable steps to safeguard and protect PHI ...Paper Documents Containing PHI ...Facilities must have a process in place to verify documents are for the correct patient prior to providing the documents to the recipient (e.g., verify recipient and content prior to giving discharge papers to an individual) ... "
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280