Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
COMMUNITY HOSPITAL OF THE MONTEREY PENINSULA
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on January 7, 2013. Also cited in 24 other reports.
Report ID: Y9EL11.01, California Department of Public Health
Reported Entity: COMMUNITY HOSPITAL OF THE MONTEREY PENINSULA
Issue:
Based on interview and record review, the hospital failed to protect the right for confidential treatment of medical records for four of four sampled patients (1, 2, 3 and 4) when an unauthorized employee accessed the patients' medical records. Findings: During an interview on 1/7/13 at 11:30 a.m., the privacy officer (PO) stated on 11/28/12 an audit of electronic medical record activity by employee E (EE) during the months of October and November, 2012, demonstrated inappropriate access of information contained in the records of four patients (1, 2, 3, and 4). The PO stated EE had no legitimate reason to access the records. The PO stated she and a nurse manager conducted an internal investigation. The PO stated during the investigation, EE was interviewed and stated she accessed the records on 11/27/12 for educational purposes. On 1/9/13 a review of the hospital electronic record audit for EE indicated the following:EE accessed Patient 1's record on 11/11/12 and viewed patient business information. EE accessed Patient 2's record on 11/11/12 and viewed patient business information and diagnostic study results.EE accessed Patient 3's record on 11/11/12 and viewed patient business information and diagnostic study results.EE accessed Patient 4's record on 11/11/12 and viewed patient business information and diagnostic study results. On 1/17/13 a review of the 11/30/12 disciplinary notice indicated EE was not authorized to view the above records as part of her duties at the hospital. On 1/17/13 a review of the 3/2012 hospital policy and procedure titled "Confidentiality of Patient and Hospital Business Information" indicated employees must treat patient information in a confidential manner. The policy indicated employees were not permitted to view patient information for reasons of personal interest or for reasons outside the employee's responsibilities. Information viewed included the patient's name, current location, visit reason, allergies, address, phone number, age, gender, marital status, birth date, religious affiliation, financial status, and diagnostic study results.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights