Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
O'CONNOR HOSPITAL
Cited by the California Department of Public Health for violations of California’s Health and Safety Code relating to medical privacy during an inspection that began on December 17, 2012. Also cited in 6 other reports.
Report ID: 5HZL11.03, California Department of Public Health
Reported Entity: O'CONNOR HOSPITAL
Issue:
Based on interview and record review, the hospital failed to ensure confidentiality of personal health information (PHI) for one sampled patient (1) when a hospital staff member (ST 1) confided specific care issues during a social telephone conversation with another health care provider (RT 1) who was not an employee of the hospital. Findings: Patient 1 had multiple admissions to the hospital for treatment of recurring respiratory problems. On 12/17/12 at 8:00 a.m., the hospital's investigation was reviewed with the risk manager. The investigation indicated, a hospital staff member (ST 1) identified Patient 1 specifically by name during a social telephone conversation and discussed the patient's care issues with a health care provider (RT 1), who no longer worked at the hospital. During an interview with ST 1, on 12/17/12 at 8:45 am, she stated, during her conversation with RT 1, she mentioned Patient 1 by name and discussed the concern for his care. ST 1 stated she was not aware RT 1 was no longer a hospital employee. She stated when she mentioned the conversation with her supervisor, she was reminded this was a breach of PHI. According to the hospital's policies and procedures, "Standards for Associate Conduct" (revised July 20, 2012), Associates are required to observe the confidential nature of medical records, private health information (PHI) and patient information. The hospital's Confidentiality of Patient Information Policy and Procedure (revised 7/04, reviewed 6/08) indicated it is the policy of the hospital to maintain all medical records and all patient identifiable health information in a confidential manner. The policies' definition of "Medical Information" included the hardcopy medical record, computer reports, information maintained in any computer system or in any medium and verbal communication. The policy further indicated "Those persons authorized to review the medical information without separate written authorization . . . from the patient are the following: A. Hospital personnel, only as medically necessary for the care of the patient or as part of hospital operations, or payment for services.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights