SAN JOAQUIN COMMUNITY HOSPITAL

Report ID: C3R711, California Department of Public Health

Reported Entity: SAN JOAQUIN COMMUNITY HOSPITAL

Issue:

Based on interview and record review, the hospital failed to protect a patient's (Patient 1) health information from viewing by an unauthorized person which resulted in access and disclosure of personal information to the unauthorized person. Findings: During an interview with the Director of Health Information Management (DHIM), on 12/22/11 at 8:30 AM, she stated, "On 11//05/11 an off duty Registered Nurse (RN A) entered the Post-anesthesia recovery room with a family member and accessed a family member's (father) medical record without authorization." The patient was notified by certified mail of the incident." DHIM stated the family member was RN A's brother and the patient was their father. At the time of the information breach, Patient A was in the hospital's emergency room and had an X-ray completed. RN A took her brother to view the X-ray film without authorization from Patient 1.The hospital policy and procedure titled: "HIPAA"(Health Insurance Portability and Protection Act) dated 2011, indicated "Health Care Providers must maintain the privacy and security of Protected Health Information, which is identifiable patient information that is maintained or transmitted in any form, including oral communication and protecting access to electronic and other health information and can be used and disclosed only for purpose of treatment and payment unless otherwise authorized by the patient. Human Resource documentation dated, 7/12/11 indicated that Registered Nurse A had taken a " HIPAA Awareness: The privacy Rule " class on 7/12/11.

Outcome:

Deficiency cited by the California Department of Public Health: Patients' Rights