Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
Enloe Medical Center
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on January 22, 2014. Also cited in 8 other reports.
Report ID: NZL911, California Department of Public Health
Reported Entity: ENLOE MEDICAL CENTER
Issue:
Based on interview and record review the facility failed to protect an employee's right to privacy related to her inpatient medical care. This violated the employee's patient rights and has the potential for future patient rights of employees to be compromised. Findings:Patient 1 was interviewed on 1/22/14 at 10:53 am. Patient 1 has been working at the facility for nine years. Patient 1 had gastric sleeve surgery (weight loss surgery) on 6/18/13 and was an inpatient for 24 hours on the 3rd floor of the facility. Patient 1 stated no one was aware of her surgery plans except her family and her direct manager at the facility. She became aware of an alleged breach when a coworker (CW A) posted questions and comments on Facebook (online social network) about her gastric surgery and weight loss. Patient 1 asked CW A how she was informed about her gastric surgery. CW A remembered a conversation that happened between July and September 2013, with CW B, who stated she saw Patient 1 "walking around the 3rd floor in her pajamas". According to Patient 1 it was common knowledge amongst nurses' that gastric surgery patients are instructed to bring in their pajamas and not wear hospital gowns per their physicians request. Patient 1 stated two other employees also inquired about her surgery and did not recall how they obtained the information. Patient 1 stated she felt "Disappointed and violated that her privacy was not protected." During an interview on 1/22/14 at 11:18 am with Risk Manager (RM C ), she discussed the internal investigation results of the alleged breach. RM C provided information from an electronic audit of CW B's access to medical records on dates in question. CW B did not access Patient 1's medical records. RM C stated CW B was not working with patients on the 3rd floor on 6/18/13 or 6/19/13. During an interview on 1/22/14 at 11:45 am with CW A, she stated that she was unaware of Patient 1's surgery until CW B described seeing Patient 1 on the 3rd floor surgery in 6/2013 walking around in her "pajamas" which implied "gastric surgery." CW A posted questions to Patient 1 on Facebook to inquire about the gastric surgery and how Patient 1 was doing.During a phone interview on 1/23/14 at 2:15 pm with CW B, she stated she did recall seeing Patient 1 on the 3rd floor in June 2013. CW B stated "I do not remember" when questioned about the conversation with CW A about Patient 1 around 7/2013-9/2013. CW B could not recall where she was working on 6/18/2013 and 6/19/2013 though stated she usually works on the 3rd floor surgical care unit. CW B stated that she did not look at Patient 1's medical records. CW B explained this event has been "eye opening" and "I may have said something off the cuff." CW B stated "I cannot confirm nor deny the conversation but I know two other people said that I did make those comments."
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights