HIPAA Helper »
KAISER FOUNDATION HOSP SO SACRAMENTO »
Sep 16, 2014

This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.

KAISER FOUNDATION HOSP SO SACRAMENTO

6600 BRUCEVILLE ROAD SACRAMENTO,CA 95823

Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on September 16, 2014. Also cited in 16 other reports.

Report ID: TFPW11.01, California Department of Public Health

Reported Entity: KAISER FOUNDATION HOSP SO SACRAMENTO

Issue:

Based on staff interview, record review, and facility document review, the facility failed to prevent unauthorized access to Protected Health Information (PHI) when Employee 1 accessed Patient 1's medical record without justification.Findings:On 8/18/14 Employee 1 accessed Patient 1's medical record without justification. The breach of PHI was detected during an internal audit on 8/21/14.In an interview with the Compliance Officer (CO), on 9/16/14, at 2:50 p.m., CO stated when "High Profile Patients, such as celebrities or employees," are admitted a "Break the Glass" function is placed in the Electronic Medical Record (EMR). CO explained the "Break the Glass" function of the EMR was to protect "High Profile Patients" from unwarranted access to their PHI. During an audit of Patient 1's EMR, one staff member was identified to have viewed PHI without justification. CO stated Employee 1 admitted to looking at Patient 1's PHI because of personal health concerns. CO stated a corrective action plan is currently under review by Senior Leadership.Review of facility document titled, "Timeline of Suspected [name of virus] Exposure and Privacy Update", dated 8/18/14, indicated the following:1. "Compliance Officer initiated "Break the Glass" on [Patient 1's] EMR";2. "[Patient 1] placed on "Confidential Admission status, which prohibits release of information about the patient, including general medical condition, location in the facility and visitation. The prohibition extends to the public including family, friends, media, and clergy"; and3." Compliance Officer provided affected departments a huddle message to all managers: Respect Confidentiality and Privacy and Security."

Outcome:

Deficiency cited by the California Department of Public Health: Health & Safety Code 1280

Related Reports:

6 other violations reported on the same date. Note that other citations may be about the same event: 0YM111.01, 9VIQ11.01, BX5Y11.01, KR2711.01, N0Z211.01, OFK411.01

Do you believe your privacy has been violated? Here’s what you can do: