Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
SANTA CLARA VALLEY MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on August 24, 2012. Also cited in 90 other reports.
Report ID: VWQV11.01, California Department of Public Health
Reported Entity: SANTA CLARA VALLEY MEDICAL CENTER
Issue:
Based on interview and record review, the hospital failed to provide confidential medical treatment for two of two sampled patients (1, 2). Findings:On 8/24/12 at 11 a.m. during an entity reported incident investigation, the privacy officer stated an employee of one of their business associates (company contracted to provide billing services) accessed medical records for Patient 1 and Patient 2 without a business related reason to do so. After an internal investigation, employee A admitted to accessing medical records for Patient 1 and Patient 2 out of curiosity and because she was asked to do so by a friend. On the above same day and time the hospital provided the contract with the above business associate dated 10/1/2006 which indicated the business associate would comply with all the hospital's privacy rules and regulations. On 8/27/12 at 2 p.m. a review of the "audit trail" (log indicating which employee had accessed the patient's medical record) for Patient 1 and Patient 2, indicated employee A had accessed Patient 1's medical record on 7/22/09 and 8/1/11 and Patient 2's medical record on 8/15/11 and 10/27/11. Information disclosed included the patients' names, dates of birth, social security numbers, and medical information.
Outcome:
Fine imposed and deficiency cited by the California Department of Public Health: Patients' Rights