Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
SANTA CLARA VALLEY MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on April 13, 2015. Also cited in 90 other reports.
Report ID: W0IW11, California Department of Public Health
Reported Entity: SANTA CLARA VALLEY MEDICAL CENTER
Issue:
Based on interview and record review, the hospital failed to protect the patients' right for confidential treatment for four patients (1, 2, 3, and 4), when a staff member accessed the medical records of four family members without consent or a job related need. The failure resulted in unauthorized access of four patients' medical records. Findings:The California Department of Public Health received a faxed report on 3/12/15 which indicated a licensed vocational nurse (LVN A) had repeatedly accessed the medical records of four family members for whom she was not assigned to care. There was no documentation in the patients' medical records indicating LVN A had permission to access their records. The patients' names, medical record numbers, dates of birth, and visit locations had been accessed.During an interview on 4/13/15 at 11 a.m. the hospital's acting and compliancy officer (CPO) stated an audit was done on LVN A's computer access to medical records. The audit indicated she had accessed four of the five family members' records. CPO stated it is against the hospital's policy for LVN A to access her family's records without consent and she did not have a business reason. CPO stated for one adult family member, LVN A accessed his demographics and appointments (past, present, and future) four times in 2013, and LVN A had accessed a female adult family member's records nine times from 01/2014 through 01/2015. During an interview on 4/13/15 at 12:45 p.m. LVN A confirmed she had accessed her family's medical records without authorization, and stated she should not have done this. Review of a copy of the hospital's 12/27/13 "Workforce General Obligations Regarding Uses and Disclosures of Protected Health Information" policy indicated the hospital is to ensure that all workforce members take reasonable steps to safeguard patient information from any intentional or unintentional access. You may access patient information for treatment of a patient only if it is being used appropriately for your professional duties.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights