Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
CLOVIS COMMUNITY MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on October 20, 2014. Also cited in 27 other reports.
Report ID: KODB11, California Department of Public Health
Reported Entity: CLOVIS COMMUNITY MEDICAL CENTER
Issue:
Based on staff interview, clinical record, and administrative document review, the hospital failed to keep Protected Health Information (PHI) confidential when Patient 1's PHI was accessed without business need know. This failure resulted in the breach of Patient 1' PHI and the potential for unauthorized use. Findings: On 11/4/14 at 9:15 a.m., during an interview, the Privacy Officer (PO) stated Patient 1's PHI had been breached on 10/7/14 when a medical doctor (MD) gained access to the patient's electronic clinical record on the hospital computer system by "Breaking the Glass". The definition of this term is accessing the electronic clinical record after warnings the record is not to be accessed by unauthorized staff for any reason. Review of the medical record indicated the following information was viewed by the MD in the electronic clinical record: Patients name, date of birth, date of service, medical record and account number, and clinical information related to Patient 1's hospitalization on 8/20/14.The hospital policy and procedure titled "HIPAA General Rules for the Use and Disclosure of PHI" dated 4/18/12, indicated "II. Definitions: A. Protected Health Information and Records: 2. The paper and electronic records of ..., which contain PHI, are created and maintained for the purpose of providing patient care and for facilitating ... business processes. Any person who uses PHI and/or records from ... without authorization or for unauthorized purposes are subject to disciplinary action ... B. ... Privacy and Policies Procedures: 2. It is the responsibility of all ... workforce members to comply with the policies and procedures and to cooperate with ... management to identify and correct problems that may cause privacy or security breaches. N. Data security: 1. Patients have the right to expect that their information is collected, stored and maintained in a reliable manner and sufficient precautions are taken by the hospital to prevent its misuse."
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights