This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.

RIDGECREST REGIONAL HOSPITAL

1081 NORTH CHINA LAKE BLVD RIDGECREST,CA 93555

Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on March 3, 2011. Also cited in 4 other reports.


Report ID: EJYH11, California Department of Public Health

Reported Entity: RIDGECREST REGIONAL HOSPITAL

Issue:

Based on interview and record review, the hospital failed to protect patient health information from unauthorized access (1). This had caused a violation of patient rights. Findings: During an interview with the Health Information Manager/Privacy Officer (HIM/PO) on 3/3/11 at 12 PM, she stated the hospital received a complaint from Patient 1 regarding an unauthorized access of her medical record. The HIM/PO stated the hospital investigation determined the breach occurred. She stated the electronic trace for computer access revealed Staff A accessed Patient 1's medical record and Staff A was not assigned to care for Patient 1. The HIM/PO stated Staff A viewed computer screens that contained protected health information which included Patient 1's name, address, home phone number, social security number, admission complaint, admission diagnosis, physician, past surgeries, medical history, financial class, weight, height, and date of birth. The electronic medical record access log was reviewed on 3/3/11. The "Paragon HIPAA Trace by Visit", dated 2/21/11, indicated Staff A accessed the clinical record of Patient 1 from the computer device in the Pediatric Department. Staff A viewed the "vital sign", "flow sheet", and "patient profile" windows of the clinical record on 1/9/11 starting at 9 PM. The employee file for Staff A was reviewed on 3/3/11. The "Protected Health Information" confidentiality agreement was signed by Staff A on 12/1/10. The hospital policy and procedure titled "Confidentiality of Protected Health Information" dated 8/21/10, indicated "All information that is deemed 'PHI' by [facility] and/or specific legal statues shall be kept confidential..."

Outcome:

Deficiency cited by the California Department of Public Health: Patients' Rights

Do you believe your privacy has been violated? Here’s what you can do: