ALVARADO HOSPITAL MEDICAL CENTER

Report ID: 3GGE11, California Department of Public Health

Reported Entity: ALVARADO HOSPITAL MEDICAL CENTER

Issue:

Based on interview, document and record review the hospital failed to ensure that nursing staff practiced methods to maintain the confidentiality of personal and protected health information (PHI) in all patient care areas to include those closed patient care areas when pictures of three nursing staff members were posted on a social media web-page. Patients personal information was visible in one posted picture where two nurses posed in front of a telemetry monitor screen (a portable box that, when attached to a patient, displays the electrical signal of the heart rate, the heart rate and rhythm observed at a central location at a nursing station). Failure to implement methods to maintain the confidentiality of personal and PHI violates a patient's rights, their protection and security especially for those with special circumstances.Findings:An on site investigation of an anonymous reported privacy breach was initiated on 12/12/13 at 1:40 P.M. At that time, an interview with the hospital's Privacy Officer (PO) was conducted. The PO stated that no cell phones or personal cameras are not to be used in any patient care areas in accordance to the hospital's policy. The PO stated the hospital has incorporated education on common breaches with use of social media such as facebook, twitter, my space, and sypke during the annual Health Insurance Portability and Accountability Act (HIPAA-privacy law to protect certain health information). An interview with the Director of Custody/Telemetry (DCT) was conducted on 12/12/13 at 2:00 P.M. The DCT stated employees are not to have their cell phone on them during working hours especially in patient care areas. The DCT stated if she was aware of any pictures taken at any of the patient care areas she would notify the PO. The DCT denied having any knowledge of posted pictures in a patient care areas displayed on a social media web-page.A review of the hospital's policy titled "Telephone use" indicated under "Cell Phones: 2. Personal cell phones are not to be used (might include: voice, texting, camera) during working hours. Exception: when issued/directed by administration/direct for approved business purposes. 4. Camera phones are prohibited in patient care areas... 5. Inappropriate use of personal cell phones may be grounds for performance management up to and including termination of employment." An interview and review of a printed copy of the posted pictures on facebook with Registered Nurse (RN) 1 was conducted on 12/12/13 at 2:30 P.M. RN 1 stated, "cell phones could be used in non-patient care areas but no camera usage." When RN 1 was asked about posting pictures on a social media web-page, she stated "never post any patient information and should not take or post any pictures at the nursing station." RN 1 stated, "There were Halloween pictures posted on facebook of our cute hats, taken at the five south nursing station which is closed. I do not remember if I took any of the pictures." RN 1 further stated, she could not remember if any of the pictures taken on Halloween were posted on facebook. She then stated, "there was no patient related information displayed, we only wore our identification badges."A review of a copy of the facebook pictures that were posted with the Chief Nursing Officer (CNO) and the PO was conducted on 12/12/13 at 3:30 P.M. After review of the printed copy of the posted pictures along with comments it was confirmed that the DCT and RN 1 were knowledgeable of such violation in patient rights. Both the CNO and the PO stated that the patient care area where the pictures were taken was on a closed patient care area (5S). The CNO stated the nurses who posed in the pictures, the nurse who posted the pictures, and those employees who commented on the web-page and did not report to the PO did not follow the hospital's policy. The CNO and the PO acknowledged that the hospital's policy for use of cell phones had not been followed.On 5/20/14 at 9:45 A.M., another review of the copy of the pictures that were posted on facebook was conducted. It was identified that one of the pictures posted had been taken on the closed unit (5S); however, the other two pictures were taken on the telemetry unit. On one of the pictures, two nurses posed in front of the telemetry monitor screen, in the gap between the nurses on the monitor displayed greenish blue information once zoomed in patient names and the patient's heart rate and rhythm could be seen.On 5/20/14 at 9:50 A.M., during a telephone conversation with the PO, the new discovery of the visibility of the telemetry monitor screen was discussed. The PO once again confirmed that 5S was a closed patient care area at the time of the investigation. The PO questioned the ability to view patient information displayed on the telemetry monitor, when mentioned a person ability to zoom in on the picture to visualize a larger picture of the information; he then acknowledged that this new discovery was indeed a breach in patient's personal and PHI.

Outcome:

Deficiency cited by the California Department of Public Health: Patients' Rights