HIPAA Helper »
COMMUNITY HOSPITAL OF SAN BERNARDINO »
Feb 13, 2014

This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.

COMMUNITY HOSPITAL OF SAN BERNARDINO

1805 MEDICAL CENTER DRIVE SAN BERNARDINO,CA 92411

Cited by the California Department of Public Health for violations of California’s Health and Safety Code relating to medical privacy during an inspection that began on February 13, 2014. Also cited in 46 other reports.

Report ID: C3DC11.01, California Department of Public Health

Reported Entity: COMMUNITY HOSPITAL OF SAN BERNARDINO

Issue:

Based on interview and record review, the facility failed to ensure that the registered nurse (RN 1) assigned to Patient A, followed the facility policy and procedure for logging off of the computer once completed viewing Patient A's protected health information (PHI)when the information will be unattended. This resulted in a breach Patient A's PHI.Findings:On February 13, 2014 at 9:00 AM, an unannounced visit was made to the facility to investigate an entity reported incident of a breach of PHI for Patient A.On February 13, 2014 at 9:00 AM, an interview was conducted with the facility privacy officer (FPO). She stated, "Patient A was in labor and delivery (L&D), and her mother was there as well. The nurse (RN-1) did not turn off her computer when she left the room on two separate occasions, so the mother took a picture of the screen showing the medical record note, and the fetal heart monitoring. The mother sent it to Patient A's cell phone, so Patient A would show a supervisor what RN 1 had done. The pictures were deleted."A review of the facility policy and procedure titled, "Network Usage Policy," dated January 17, 2012, indicated, "...Each user's responsibility to ensure the integrity, security, and appropriate use of [facility name]email systems, technology and network resources..." The policy further indicated," Log out of all electronic devices and/or applications when leaving them unattended, or alternatively, lock the device or utilize a screen saver with the password function activated..."During an interview with the L&D Nurse Manager on February 13, 2014 at 9:25 AM, she stated that RN 1 had not followed the facility policy for safeguarding patient information.

Outcome:

Deficiency cited by the California Department of Public Health: Nursing Service Policies and Procedures.

Related Reports:

The report containing this deficiency also includes information about 1 other violation. Note that these may be related to the same event: C3DC11.02

1 other violation reported on the same date. Note that other citations may be about the same event: U5S111.01

Do you believe your privacy has been violated? Here’s what you can do: