Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
EL CENTRO REGIONAL MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on November 23, 2011. Also cited in 38 other reports.
Report ID: 796C11, California Department of Public Health
Reported Entity: EL CENTRO REGIONAL MEDICAL CENTER
Issue:
Based on interview and record review, the hospital failed to ensure that Patient 1's protected health information (PHI) was kept confidential from anyone not directly involved with the patient's care.Findings:An interview with the Director of Quality (DOQ) was conducted on 11/23/11 at 10:05 A.M. The DOQ stated that Patient 1 was in the hospital's emergency room (ER) and was being seen by Physician 1. The DOQ stated that Physician 2, a cardiologist, was also in the ER and heard that Patient 1 was having a myocardial infarction (heart attack). The DOQ stated that Physician 2 accessed Patient 1's electronic medical record without being consulted by Physician 1 or by any staff. An interview with Physician 1 was conducted on 11/23/11 at 10:30 A.M. Physician 1 stated that Patient 1 was occluded (arteries blocked by clots) and that she gave the patient thrombolytics (medication that dissolves blood clots). Physician 1 stated that she was trying to transfer Patient 1 out of the ER to another hospital, because the hospital did not have a cardiac cath lab and because she thought the patient would re-occlude. Physician 1 also stated that a receiving hospital already accepted the transfer of Patient 1. Physician 1 stated that Physician 2 kept insisting not to transfer the patient out. Physician 1 stated that Physician 2 informed her that he was Patient 1's physician. However, the patient denied that Physician 2 was his physician. Physician 1 stated that Patient 1 was eventually transferred. Physician 1 also stated that she was right in transferring the patient because during the transfer, Patient 1 re-occluded. A telephone interview with Physician 2 was conducted on 11/28/11 at 10:00 A.M. Physician 2 stated he was not asked to consult for Patient 1. Physician 2 stated that he told Physician 1 that maybe she should check Patient 1's troponin (proteins that are release when the heart muscle has been damaged). Physician 2 stated that he did not go to the patient's bedside and denied seeing the patient. However, Physician 2 acknowledged that he accessed Patient 1's electronic medical record.A review of the hospital's "Administration-System Users Report" for Patient 1's electronic medical record, was conducted on 11/23/11. The report indicated that Physician 2 accessed Patient 1's electronic medical record on 11/9/11 at 9:30 A.M. until 9:37 A.M. and again on 11/10/11 at 1:38 P.M.A review of the hospital's policy and procedure titled "Access to and Maintenance of the Health Record" indicated that, "Health records shall be available for use within the facility for direct patient care by all authorized personnel who have a legitimate need for access to the health record."On 11/23/11, the DOQ was informed that as a result of the deliberate breach of Patient 1's records, and administrative penalty (AP) may be issued in the future.
Outcome:
Deficiency cited by the California Department of Public Health: Patients' Rights