CONTRA COSTA REGIONAL MEDICAL CENTER

Report ID: OF5011.01, California Department of Public Health

Reported Entity: CONTRA COSTA REGIONAL MEDICAL CENTER

Issue:

Based on interview and document review, the facility failed to prevent improper disclosure of a patient's (Patient 1) medical information when two staff members (Staff A and Licensed Staff B) accessed Patient 1's electronic record without a clinical need to do so. This failure allowed for the unauthorized use of the information and a violation of the patient's right to privacy.Findings:During an interview, on 7/8/13, at 11:05 a.m., the facility's Privacy Officer confirmed that Patient 1's electronic clinical record was accessed on 4/25/13, by two staff members (Staff A and Licensed Staff B) who did not have a clinical need to view the information.When questioned about the reason for viewing Patient 1's clinical record, Licensed Staff B stated that Staff A asked her whether or not Patient 1 was her relative. When Licensed Staff B confirmed that she was related to Patient 1, Staff A showed her the electronic record.During the facility's investigation, the Privacy Officer stated that an "Audit Trail" report was accessed and showed the date (4/25/13) and time (1525 hours) Staff A opened Patient 1's record and did not exit until 4/25/13 at 1455 hours.Document review of the facility's policy titled "Mitigating the Effect of an Unauthorized Release of Protected Health Information", revised 6/27/2008, includes, on page 4: "Curiosity or Concern is defined as a breach that occurs when an employee accesses, reviews or discusses patient information for purposes other than the care of the patient."

Outcome:

Deficiency cited by the California Department of Public Health: Health & Safety Code 1280

Related Reports:

1 other violation reported on the same date. Note that other citations may be about the same event: SH4I11.01