Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
SAINT AGNES MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on December 27, 2013. Also cited in 16 other reports.
Report ID: TGKX11.01, California Department of Public Health
Reported Entity: SAINT AGNES MEDICAL CENTER
Issue:
Based on staff interview, clinical record and administrative document review, the hospital failed to keep Protected Health Information (PHI) confidential when Patient 1's PHI was accessed by an unauthorized person. This failure resulted in not protecting the PHI for Patient 1 and the potential for unauthorized use. Findings: On 11/13/13 at 1:00 p.m., during an interview, the Privacy Officer (PO) stated that the facility found the breach through an audit on 11/13/13. The breach occurred at a physicians office. The hospital allows physicians to access their patients' medical records to facilitate patient care. It was a physician's office employee who accessed Patient 1's medical record without a business need to know.Patient 1's PHI breached included demographic information, care plans, diagnosis, and medical treatment. The Hospitals "Confidentiality and Network Access Agreement" with Physicians, dated 1/24/13 indicated "Permitted and required access, use and disclosure : I will access, use or disclose Confidential Patient Information (PHI) only for legitimate purposes of diagnosis, treatment, obtaining payment for patient care, or performing other health care operations functions permitted by HIPAA and I will only access, use or disclose the minimum necessary amount of information needed to carry my job responsibilities." The Hospital Policy and Procedure titled, "Privacy and Confidentiality Policy" dated 9/17/09, indicated "The [Hospital] recognizes the importance of safeguarding and valuing the privacy of our patients... [Hospital] requires all employees and affiliates to maintain confidentiality of patient, physician and proprietary business Confidential Information. Access and distribution of Confidential Information is limited to authorized individuals in the performance of normal job-related functions..."
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights