Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
COMMUNITY HOSPITAL OF THE MONTEREY PENINSULA
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on July 12, 2013. Also cited in 24 other reports.
Report ID: RKGO11.01, California Department of Public Health
Reported Entity: COMMUNITY HOSPITAL OF THE MONTEREY PENINSULA
Issue:
Based on interview and record review, the hospital failed to prevent unauthorized access to three patients' (Patients 1, 2, 3) medical information. Findings:On 4/26/13 the California Department of Public Health received a faxed report from the hospital compliance director which indicated the hospital identified unauthorized access to health information for Patients 1, 2, and 3.During an interview on 7/19/13 at 10:00 a.m., the compliance director stated during a routine review of a high profile hospital employee's electronic record, the hospital determined Staff A accessed the medical records of Patients 1, 2 and 3. The compliance director stated a "User Audit" confirmed Staff A accessed information for Patient 1 on 3/13/13 and 4/8/13, Patient 2 on 3/31/13 and Patient 3 on 4/8/13. The compliance director stated the information accessed included name, date of birth, medical record number, physician, and diagnosis. The compliance director stated during an interview Staff A denied viewing the records, and had no clinical or business need to access the information. Staff A was a certified nursing assistant not assigned to the care of Patients 1, 2 or 3. Staff A was suspended and ultimately terminated from employment.On 2/25/14 at 3:50 p.m. during review of the hospital's "User Audit" report, the report indicated Staff A had viewed Patient 1's medical record on 3/31/13 and 4/8/13, viewed Patient 2's medical record on 3/31/13, and viewed Patient 3's medical record on 4/8/13. During a telephone interview with the compliance director on the above day and time, the compliance director stated, although the audit report did not indicate specific information Staff A accessed, once Staff A accessed the records, automatically disclosed were the patient's name, date of birth, diagnosis, medical record number, treating physician, and hospital room number. Despite multiple attempts, Staff A was unable to be contacted for interview. After three attempts to contact Staff A by telephone, Staff A's telephone was disconnected.Record review on 7/19/13 at 1:30 p.m., of the hospital personnel manual dated 3/2012, indicated, "Everyone is expected to treat patient and hospital information in a respectful, professional, and confidential manner. Such information should never be viewed or discussed with another for reasons of personal interest or for reasons outside the employee's responsibilities."
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280