Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
COMMUNITY HOSPITAL OF THE MONTEREY PENINSULA
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on January 7, 2013. Also cited in 24 other reports.
Report ID: PZSO11.01, California Department of Public Health
Reported Entity: COMMUNITY HOSPITAL OF THE MONTEREY PENINSULA
Issue:
Based on interview and record review, the hospital failed to protect the right for confidential treatment of medical records for three of three sampled patients (1, 2 and 3) when an unauthorized employee accessed the patients' medcial records. Findings: During an interview on 1/7/13 at 11:30 a.m., the privacy officer (PO) stated on 11/28/12 a random audit of electronic medical record activity for employee A (EA) during the months of October and November, 2012, demonstrated inappropriate access of information contained in the records of three patients (1, 2 and 3). The PO stated EA had no legitimate reason to access the records. The PO stated she and EA's manager conducted an internal investigation. The PO stated during an interview conducted in the course of the investigation, EA admitted she accessed the records and stated she liked to see how people were doing.On 1/9/13 a review of the hospital electronic record audit for EA indicated the following:EA accessed Patient 1's record on 10/15/12 and viewed patient location and business information, and the medical record. EA accessed Patient 2's record on 10/18/12 and viewed patient location, business information, and physician orders.EA accessed Patient 3's record on 11/25/12 and viewed patient location and business information. During an interview on 1/16/13 at 1:20 p.m., EA stated she viewed a number of patient records which were related to her work as a radiologic technician. She stated the problem, as explained to her by the PO, was she accessed the records either before or after procedures were done, when access was not necessary. EA stated her motivation in viewing the records was professional only. On 1/16/13 a review of the 3/2012 hospital policy and procedure titled "Confidentiality of Patient and Hospital Business Information" indicated employees must treat patient information in a confidential manner. The policy indicated employees were not permitted to view patient information for reasons of personal interest or for reasons outside the employee's responsibilities. Information viewed included the patient's name, current location, visit reason, allergies, address, phone number, age, gender, marital status, birth date, religious affiliation, physician orders, history and physical, progress notes, consultation notes, patient care plans, assessments, and interventions.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights