Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
ARROWHEAD REGIONAL MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on November 5, 2012. Also cited in 9 other reports.
Report ID: DXOC11, California Department of Public Health
Reported Entity: ARROWHEAD REGIONAL MEDICAL CENTER
Issue:
Based on observation, interview and record review, the facility failed to ensure that all patient medical records were kept confidential and secured to prevent unauthorized individuals from accessing the records. This failure had the potential for unauthorized individuals to access patient personal health information. Findings:A tour was conducted of the Medical Intensive Care Unit, with Registered Nurse (RN) 2 and the Intensive Care Unit (ICU) Manager, on November 6, 2012 at 12 PM. The unit's patient nutrition room (an unlocked room), contained 12 patient medical records. The medical records were easily accessible and contained patient health information, including laboratory values. During an interview, on November 6, 2012 at 12 PM, RN 2 stated that the nutrition room was an unlocked room and that there was no method of monitoring who accessed the room. RN 2 stated that the dietary staff accessed the area to stock the room with food and that the house keeping staff accessed the room to clean it. RN 2 also stated that the patient records were kept in the nutrition room because the respiratory therapists used the room to store their patient records.During an interview, on November 6, 2012 at 12 PM, the ICU Manager stated that the nutrition room was an unlocked area and any personnel can access the room. The ICU Manager also stated that the patient medical records were kept in the nutrition room because it was easily accessible to the respiratory therapists who work in an adjacent station near the nutrition room. A record review, of the facility policy for "Patient Information Privacy & Security -HIPAA Compliance, revised on 2/14/12," was conducted on November 6, 2012 at 2:30 PM. The policy revealed the following: "...e. SAFEGUARDING PATIENT INFORMATION - Department staff will implement and adhere to appropriate administrative, technical, and physical safeguards which ensure protected health information (PHI) is not accessible by unauthorized individual and is protected from any intentional or unintentional use or disclosure in violation of Medical Center Privacy Policies...and/or the Federal privacy Regulations...Medical Charts are secured at all times. (Charts are not left on counters or in unsecured areas..."
Outcome:
Deficiency cited by the California Department of Public Health: CONFIDENTIALITY OF MEDICAL RECORDS