Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
RIDGECREST REGIONAL HOSPITAL
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on March 3, 2011. Also cited in 4 other reports.
Report ID: EJYH11, California Department of Public Health
Reported Entity: RIDGECREST REGIONAL HOSPITAL
Issue:
Based on interview and record review, the hospital failed to protect patient health information from unauthorized access (1). This had caused a violation of patient rights. Findings: During an interview with the Health Information Manager/Privacy Officer (HIM/PO) on 3/3/11 at 12 PM, she stated the hospital received a complaint from Patient 1 regarding an unauthorized access of her medical record. The HIM/PO stated the hospital investigation determined the breach occurred. She stated the electronic trace for computer access revealed Staff A accessed Patient 1's medical record and Staff A was not assigned to care for Patient 1. The HIM/PO stated Staff A viewed computer screens that contained protected health information which included Patient 1's name, address, home phone number, social security number, admission complaint, admission diagnosis, physician, past surgeries, medical history, financial class, weight, height, and date of birth. The electronic medical record access log was reviewed on 3/3/11. The "Paragon HIPAA Trace by Visit", dated 2/21/11, indicated Staff A accessed the clinical record of Patient 1 from the computer device in the Pediatric Department. Staff A viewed the "vital sign", "flow sheet", and "patient profile" windows of the clinical record on 1/9/11 starting at 9 PM. The employee file for Staff A was reviewed on 3/3/11. The "Protected Health Information" confidentiality agreement was signed by Staff A on 12/1/10. The hospital policy and procedure titled "Confidentiality of Protected Health Information" dated 8/21/10, indicated "All information that is deemed 'PHI' by [facility] and/or specific legal statues shall be kept confidential..."
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights