Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
MERCY HOSPITAL OF FOLSOM
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on May 19, 2014. Also cited in 11 other reports.
Report ID: CF2K11.01, California Department of Public Health
Reported Entity: MERCY HOSPITAL OF FOLSOM
Issue:
Based on facility staff interview, policy review, and medical record review, the facility failed to prevent unauthorized access of Patient 1's Health Information (PHI). The information included personal, private, and confidential information. This failure had the potential to jeopardize the privacy of PHI.Findings:On 10/24/13 the hospital reported a breach incident to the Department. On 10/17/13 a registered nurse (RN 1), who was not a member of Patient 1's healthcare team, accessed Patient 1's medical record reading the consent for surgery. The consent contained the following patient health information: patinet name, age/date of birth, date of service, medical record number, location, procedure to be performed and the physician's name. During an interview with Registered Nurse 1, responsible for the Breach of the PHI, on 5/20/14 at 10:44 a.m., he confirmed he had wanted to reassure the patient, but later realized he should not have looked at the patients chart. On review of facility's Privacy & Data Security Refresher FY 2013, page 28, "Inappropriate Access & Snooping" it stipulates, "PHI may not be accessed by any employee, contractor, or physician without a legitimate business purpose..."
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280