Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
SHARP CHULA VISTA MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on April 25, 2014. Also cited in 46 other reports.
Report ID: P29P11.01, California Department of Public Health
Reported Entity: SHARP CHULA VISTA MEDICAL CENTER
Issue:
Based on interview and record review the hospital failed to maintain the right to confidential treatment for 1 sampled patient (1). The content of Patient 1's electronic medical record was intentionally accessed by a hospital employee without a specific need to know the patient's information and without prior authorization from the patient. This practice violated the patient's privacy and risked unauthorized disclosure of the patient's protected health information.Findings:Patient 1 was admitted to the hospital on 2/8/14 with diagnoses which included hypokalemia paralysis (low levels of the blood chemical potassium, which can disrupt normal body functions) per the patient's admission information form.During an interview 7/31/14 at 8:00 A.M., Employee 1 stated that she had worked at the hospital for the past several years. Employee 1 stated that she has been provided with privacy education training on an annual basis. Employee 1 stated that while she was on duty at the hospital she had accessed the electronic medical record of Patient 1 look up laboratory test results. Employee 1 stated that she had accessed Patient 1's electronic medical record "a few times" to look at laboratory test results and that she had not been authorized by the patient or had a work related need to know the information in the patient's record. Employee 1 stated that she was related to Patient 1 and "thought it was okay".During an interview and joint record/document review on 7/31/15 the hospital's monitoring and investigation was reviewed with the Quality Specialist (QS). The monitoring and investigation indicated that Employee 1 had accessed Patient 1's electronic medical record on 5 occasions: 2/3/14, 2/17/14, 2/11/14, 2/12/14 and 2/28/14. A review of the current hospital policy entitled Confidentially of Information, included "G. Sensitive information collected and generated within [hospital name] shall be maintained in such a manner that access to it is restricted to those with a need to know...I. Viewing or obtaining sensitive information not needed for an assigned or professionally appropriate task constitutes a violation of confidentially. Individuals may not: 1. Allow or participate in access, use or disclosure of sensitive information not needed for their job. This includes, but is not limited to, information belonging to other employees, co-workers, family or friends." The QS acknowledged that Patient 1's protected health information was intentionally accessed by an unauthorized employee of the hospital, without a job related need to know and that the patient's right to privacy and confidentiality had not been maintained.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights