Colusa Regional Medical Center

Report ID: 6SO711, California Department of Public Health

Reported Entity: COLUSA REGIONAL MEDICAL CENTER

Issue:

Based on interview and record review, the facility failed to safeguard confidential health information for nine patients (Patients 1, 2, 3, 4, 5, 6, 7 ,8 and 9), when Respiratory Therapist (RT) 1 viewed their medical records, without any business reason to do so.Findings: 1. On 4/26/13, the California Department of Public Health (CDPH), received a faxed report from Administrative Nurse A on 4/12/13, that the facility discovered Respiratory Therapist (RT) 1 had accessed the medical records of nine patients (Patients 1-9).During an interview with Admin Nurse A on 5/31/13 at 2 p.m., she disclosed that a Protected Health Information (PHI) Audit Report was generated that showed that RT 1 had accessed Patients 1, 2, 3, 4, 5, 6, 7, 8, and 9's records. "There were multiple entries into the charts of Patients 1-9 that were had been at the hospital for outpatient laboratory services and in the emergency room". In an interview and concurrent record review with Admin Nurse B on 6/25/13 at 1p.m., Admin Nurse B disclosed RT 1 "was not responsible to view Lab results, History & Physical Reports, Nursing Assessments, Medication orders, Patient Notes, Inpatient or Lab face sheets" which is what she accessed for Patients 1 through 9. Admin Nurse B disclosed "there is no job related reason to access these patients charts". The Policy Statement for the hospital, dated 11/2010, read, "Breach is described as the unlawful or unauthorized access to, and use or disclosure of, patient's medical information". SB 541. The Policy Statement, (HIPPA/Confidentiality), had been reviewed with RT 1 during a "detailed training" on 1/8/13. .

Outcome:

Deficiency cited by the California Department of Public Health: Health & Safety Code 1280