Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
RIDGECREST REGIONAL HOSPITAL
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on January 7, 2013. Also cited in 4 other reports.
Report ID: PWZR11, California Department of Public Health
Reported Entity: RIDGECREST REGIONAL HOSPITAL
Issue:
Based on interview and record review the hospital failed to safeguard the privacy rights of Patient 1(P1) when a Certified Nursing Assistant 1(CNA1) had purposely accessed the private medical information of a patient that was not directly under her care. This had the potential to affect Patient 1's emotional well being.During an interview with the Administrator of Human Services and Support Services (AHRSS) on 1/7/13 at 2:15 PM, she stated, "CNA 1 was given a written warning and three days suspension without pay...We sent letter to the family member notifying them of breach on 1/19/12During an interview with CNA 1, on 1/16/13, at 4:50 PM, she stated, "Yes I did...I did not think what I'm really doing at that time...I even warned other staff members. I told them I got in trouble for unauthorized access to the patient's Protected Health Information (PHI).During an interview with the Health Information Management Manager (HIMM), on 1/17/13, at 8:49 AM, she stated, "CNA 1 accessed the record unauthorized so this was reported to me."During an interview with the clinical manager of Intensive Care Unit (ICU), on 1/17/13, at 9:30 AM, she stated, "CNA 1 accessed the record of the patient. She had the password so she can have access to the data. This was reported to the privacy officer."During an interview with the nurse manager of Transitional Care and Rehab unit, on 1/17/13, at 10:25 AM, she stated, "CNA 1 went to the computer and looked at some information...She purposefully accessed the record of a patient in which she was not involved in caring."During a review of the record, Privacy Complaint Investigation Form under investigation read, "...There was an access...to the above patients flow sheet on 11/10/12, twice on 11/11/12 and once on 11/13/12..."The interpretation read, "...CNA 1 intentionally looked at a patient's chart without a need to know."The conclusion read, "...CNA 1 admitted an intentional HIPAA (Health Insurance Portability and Accountability Act) violation."The facility policy and procedure titled, Confidentiality of Protected Health Information under Policy, paragraph two read"...Access or attempted access to the system with other than assigned passwords or outside of a patient/provider relationship is subject to Administration disciplinary."Under guideline letter E read, "Any unauthorized access dissemination or discussion of PHI , confidential information shall be reported immediately to the appropriate manager or medical executive committee.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights