Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
COMMUNITY REGIONAL MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on January 31, 2012. Also cited in 62 other reports.
Report ID: ZQUS11, California Department of Public Health
Reported Entity: COMMUNITY REGIONAL MEDICAL CENTER
Issue:
Based on staff interview and administrative document review, the facility failed to keep Protected Health Information (PHI) confidential when Staff 1 accessed the PHI of Patient 1 thru Patient 56 without a business need to know. This failure placed Patient 1 through Patient 56's PHI at a potential risk for unauthorized use.Findings:On 1/31/12 at 1:17 p.m., Staff 2 (Privacy Officer) stated on 1/11/12 the facility became aware of a possible privacy breach. Staff 2 stated the facility's internal investigation revealed Staff 1 (Registered Nurse) had inappropriately accessed the PHI for Patient 1 thru Patient 56. Staff 2 stated none of the 56 patients were on Staff 1's treatment team and were not the unit where Staff 1 was assigned. On 1/31/12 at 4:00 p.m., Staff 3 (Nursing Manager) stated she was Staff 1's direct supervisor. Staff 3 stated approximately the first week of January 2012 the Pharmacist alerted her of a narcotic count discrepancy. She stated she began to investigate the discrepancy and found that Staff 1 had been inappropriately accessing patients medication administration record. Staff 1 was immediately placed on Administrative Leave and terminated.On 2/2/12 at 9:05 a.m., Staff 2 stated the information Staff 1 accessed contained Patient 1 thru Patient 56's name, date of birth, date of service, medical record number, medications prescribed and/or administered, address and phone number. The facility policy and procedure number 10001, titled " Confidentiality/Breach of Information " contained the following documentation: " Protected health information is only to be accessed in relationship to an employee's or health care provider's assigned job duties, on a business need to know basis. Accessing any patient information including by not limited to your own, your family members, or any other individual(s) without a business need to know, without authorization, for unauthorized purposes, or not within your "scope of assigned duties" is a breach of confidentiality."
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights