Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
BAKERSFIELD MEMORIAL HOSPITAL
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on January 3, 2011. Also cited in 18 other reports.
Report ID: OZQ011, California Department of Public Health
Reported Entity: BAKERSFIELD MEMORIAL HOSPITAL
Issue:
Based on interview and record review, the hospital failed to protect one patient's (A) health information when a hospital employee (1) disclosed Patient A's protected health information on a social website. Findings: The hospital report was reviewed on 1/3/11. The incident description read, "On December 15, 2010, we learned that some medical information, while a patient in 2006 and 2007, was briefly referenced on a social website on or about December 14, 2010. The medical information posted is limited. It made a brief reference to the patient's last name, approximate length of hospitalization, and the fact that he was on a ventilator." During an interview with the Director of Risk Management (DORM) on 1/3/11 at 1:50 PM, she stated Employee 1 was a Registered Nurse in the Intensive Care Unit. On 12/15/10, someone left a copy of two Facebook (a social network Internet site) pages written by Employee 1 under the door of the Intensive Care Unit Manger's office. The DORM stated, "In our education we require reporting of any breaches of patient information. We notified the family through their attorney, since there is litigation in process." The DORM also indicated Employee 1 was terminated on 12/27/10. Employee 1's training record was reviewed on 1/4/11 at 2:45 PM with the Head of Human Resources. The documentation in the training record indicated Employee 1 had received HIPPA training on 2/25/10. The training material indicated in part, "You must maintain patient privacy at all times, which includes the release of patient information to a social networking site. We are required by law to keep medical information private." During a review of the copy of the Facebook page of Employee 1 on 1/4/11 at 4 PM, it read in part, "... getting ready to give a deposition in the (Patient A) lawsuit against Memorial Hospital, wherein the crazy ***** (expletive) claims I hit her fat pig of a husband with a bed pan. Holy **** (expletive)." It also indicated, "I'll save the 357 for HER! Haaa. Every ICU nurse is being accused of some bull**** (expletive), the funniest of which is, two great big filipino men came in, beat him up, threw him on the floor, and then put him back to bed, all while he was on a ventilator. I don't know how her attorneys can take any of her bull**** (expletive) seriously, but I gotta waste a day off giving a deposition. Not pleased. He was there for MONTHS! Remember his crazy wife? She'd come in at night with the hood up and extended past her face."
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights