Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
COMMUNITY HOSPITAL OF THE MONTEREY PENINSULA
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on July 12, 2013. Also cited in 24 other reports.
Report ID: O91F11.01, California Department of Public Health
Reported Entity: COMMUNITY HOSPITAL OF THE MONTEREY PENINSULA
Issue:
Based on interview and record review, the hospital failed to prevent unauthorized access to one patient's (1) medical information by five hospital staff. Findings:On 3/29/13 the California Department of Public Health received a faxed report from the hospital compliance director which indicated the hospital identified unauthorized access to Patient 1's health information.During an interview on 7/19/13 at 9:00 a.m., the compliance director stated the hospital determined Staff A, B, C, D and E accessed the medical record of Patient 1. The compliance director stated review of "User Audit Report" indicated Staff A accessed the information on 3/26/13 and 3/27/13, Staff B on 3/26/13, Staff C on 3/27/13 , Staff D on 3/26/13 and Staff E on 3/26/13. The information included name, date of birth, medical record number, physician, and diagnosis. The compliance director stated the staff members had no clinical or business need to access the information. All staff were suspended and Staff C, D, and E were terminated. On 9/11/13, review of the "User Audit Reports" provided by the hospital confirmed Staff A, Staff B, Staff C, Staff D, and Staff E did access Patient 1's medical record as reported by the hospital. Staff C, D, and E were unable to be contacted by telephone to arrange for interviews. During an interview on 7/19/13 at 9:05 a.m., Staff A stated she had looked at a view of Patient 1's medical record because she was concerned about him but had no business or clinical reason to do so. Record review at 9:15 a.m. indicated Staff A had completed an inservice on privacy and confidentiality on 9/20/12.In an interview on 7/19/13 at 9:40 a.m., Staff B stated she had accessed Patient 1's electronic record to determine his whereabouts in the hospital. Staff B stated she clicked on the patient census which accessed Patient 1's name, room number and physician. Staff B stated she did not have business or clinical need to access the information. Record review at 9:50 a.m., indicated Staff B had completed an inservice on privacy and confidentiality on 10/10/11.Record review on 7/19/13 at 1:30 p.m., of the hospital personnel manual dated 3/2012, indicated, "Everyone is expected to treat patient and hospital information in a respectful, professional, and confidential manner. Such information should never be viewed or discussed with another for reasons of personal interest or for reasons outside the employee's responsibilities."
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280