Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
SANTA CLARA VALLEY MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on November 27, 2012. Also cited in 90 other reports.
Report ID: YTBQ11, California Department of Public Health
Reported Entity: SANTA CLARA VALLEY MEDICAL CENTER
Issue:
Based on interview and record review, the hospital failed to implement a patient's right to confidential treatment of their medical information for three sampled patients (1, 2, and 3). Hospital employees accessed the patients medical records without authorization or need. Findings:During an interview on 11/27/12 at 9:30 a.m., the compliance analyst (CA) stated on 8/29/12, the hospital was informed by a family member the confidential medical information of Patients 1, 2, and 3 had been accessed at the request of a hospital employee.The CA stated that on 12/13/11 staff A asked staff B to look up the confidential information of Patient 1. At the request of staff A, staff B accessed Patient 2's electronic medical record on 5/9/11 and Patient 3's on 1/9/12. Staff A and staff B were coworkers and neither were authorized to access the medical records of any of the three patients.The information accessed included the patients' dates of birth, social security numbers and diagnoses.The audit report prepared by hospital information services confirmed staff B had accessed all three patients' records.The CA stated records are accessed on a need to know basis with the minimum information necessary to complete the intended task.During an interview on 12/6/12 at 10:15 a.m., staff B stated staff A asked her to access the medical records of Patient 1, 2, and 3. Staff B stated she was also requested to look up the social security number of Patient 2.During an interview at 11:00 a.m., staff A confirmed she had requested staff B to access Patient 1, 2 and 3 medical records.Record review on 12/10/12 of the hospital policy regarding using and disclosing protected health information dated 10/15/2009, indicated: "It shall be the policy that all access, uses, and disclosures of and requests for protected health information, electronic protected health information shall be limited to the minimum amount that is reasonably necessary to accomplish the intended purpose of the request, access, use or disclosure."
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights