Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
COMMUNITY HOSPITAL OF THE MONTEREY PENINSULA
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on January 7, 2013. Also cited in 24 other reports.
Report ID: QO3211.01, California Department of Public Health
Reported Entity: COMMUNITY HOSPITAL OF THE MONTEREY PENINSULA
Issue:
Based on interview and record review, the hospital failed to protect the right for confidential treatment of medical records for one of one sampled patients (1) when an unauthorized employee accessed the patients' medical record. Findings: During an interview on 1/7/13 at 11:30 a.m., the privacy officer (PO) stated on 11/28/12 an audit of electronic medical record activity by employee F (EF) demonstrated inappropriate access of information contained in the records of one patients (1). The PO stated a patient's medical record was accessed while EF was shown as having been logged on the computer. She stated EF had no legitimate reason to access the record. The PO stated she and a nurse manager conducted an internal investigation. The PO stated during the investigation, EF was interviewed and stated he did not access or view Patient 1's record, but admitted to not logging off from the computer and being away from the computer. The PO stated the investigation was inconclusive as to who viewed the record. On 1/9/13 a review of the hospital electronic record audit for EF indicated the EF accessed Patient 1's record on 10/18/12 and viewed patient location, business information, physician orders, and diagnostic study results. On 1/17/13 a review of the 12/7/12 disciplinary notice indicated EF was not authorized to view Patient 1's record as part of his duties at the hospital. On 1/17/13 a review of the 3/2012 hospital policy and procedure titled "Confidentiality of Patient and Hospital Business Information" indicated employees must treat patient information in a confidential manner. The policy indicated employees were not permitted to view patient information for reasons of personal interest or for reasons outside the employee's responsibilities. On 1/11/13 a review of the 4/2010 hospital policy and procedure titled "Workstation Acquisition, Use, and Security Policy" indicated employees must not leave the computer workstation unsupervised for any period of time while logged on in high traffic areas.Information viewed included the patient's name, current location, visit reason, allergies, address, phone number, age, gender, marital status, birth date, religious affiliation, financial status, physician orders, and diagnostic study results.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights