Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
CONTRA COSTA REGIONAL MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on July 8, 2013. Also cited in 103 other reports.
Report ID: OF5011.01, California Department of Public Health
Reported Entity: CONTRA COSTA REGIONAL MEDICAL CENTER
Issue:
Based on interview and document review, the facility failed to prevent improper disclosure of a patient's (Patient 1) medical information when two staff members (Staff A and Licensed Staff B) accessed Patient 1's electronic record without a clinical need to do so. This failure allowed for the unauthorized use of the information and a violation of the patient's right to privacy.Findings:During an interview, on 7/8/13, at 11:05 a.m., the facility's Privacy Officer confirmed that Patient 1's electronic clinical record was accessed on 4/25/13, by two staff members (Staff A and Licensed Staff B) who did not have a clinical need to view the information.When questioned about the reason for viewing Patient 1's clinical record, Licensed Staff B stated that Staff A asked her whether or not Patient 1 was her relative. When Licensed Staff B confirmed that she was related to Patient 1, Staff A showed her the electronic record.During the facility's investigation, the Privacy Officer stated that an "Audit Trail" report was accessed and showed the date (4/25/13) and time (1525 hours) Staff A opened Patient 1's record and did not exit until 4/25/13 at 1455 hours.Document review of the facility's policy titled "Mitigating the Effect of an Unauthorized Release of Protected Health Information", revised 6/27/2008, includes, on page 4: "Curiosity or Concern is defined as a breach that occurs when an employee accesses, reviews or discusses patient information for purposes other than the care of the patient."
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280