Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
FEATHER RIVER HOSPITAL
Cited by the California Department of Public Health for violations of California’s Health and Safety Code relating to medical privacy during an inspection that began on February 16, 2012. Also cited in 7 other reports.
Report ID: 3SWH11.01, California Department of Public Health
Reported Entity: FEATHER RIVER HOSPITAL
Issue:
Based on interview and record review, the facility failed to ensure that Patient 1's medical information was protected from unauthorized access when Staff B accessed Patient 1 ' s records for personal use.Findings:On 1/5/12 at 3:27 pm, the California Department of Public Health received notification from the facility of a potential breach of confidentiality in which Staff A saw Staff B accessing Patient 1's record on 12/28/11 at 9:30 am.On 2/16/12 at 10:45 am, Staff A stated that on 12/28/11 at approximately 9:30 am, she was in the operating room during a procedure and saw Staff B access the patient demographic screen on the computer for Patient 1, who was not in the operating room, not on the surgical procedure schedule, and not an employee. Staff A related that when Staff B saw that she was being watched, she quickly got out of the patient record. Staff A reported the incident to her supervisor after the procedure on 12/28/11.On 2/16/11, facility computer audit records were reviewed. These records confirmed that Staff B accessed Patient 1's demographic information which included name, date of birth, medical record number, age, race, gender, allergies, physician, address, telephone number, marital status, primary language spoken, and religion on 12/28/11 at 9:23 am.On 2/16/12 at 9:10 am, Supervisor C stated that she met with Staff B on 1/5/12, who admitted to accessing the screen to verify a telephone number for personal use and then received discipline for not following the facility's privacy policy. On 3/15/12 at 5:05 pm, Staff B confirmed that she accessed Patient 1's medical record on 12/28/12 for personal reasons. Staff B acknowledged that she had accessed Patient 1's record because she recognized the telephone number in a newspaper advertisement for the sale of puppies. Staff B wanted to confirm that the telephone number was that of Patient 1. Staff B further confirmed that she did not have Patient 1's permission to access his record on 12/28/12.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280