HospitalInspections.org

Based on documents reviewed and interview it was determined that the facility failed to provide a written response to the complainant regarding the verbal complaint made on 9/25/14. (File # 1)
Findings include:
Review of the medical record for this patient, a four year old with a past medical history significant for Blount's disease, presented to RUSK on 8/12/14 following surgery for bilateral repair with Taylor spatial frame with tibial osteotomy. Surgeries for the left and right sides were performed on 7/30/14 and 8/6/14 respectively. The hospital stay was uncomplicated and the patient was discharged home on 8/20/14. Review of file #1 on 10/15/14 noted that on 8/25/14 about 11:30am the patient's mother returned to the outpatient social worker to complain regarding concerns that the patient was exhibiting behaviors that were concerning. However, there was no evidence in (file #1) that the complainant was provided with a written response, actions taken thus far, investigation still ongoing nor an anticipated date of completion.
On 10/16/14 this writer inquired of Staff #1, for written response to the complainant, no response was provided. Additionally, there was no referral for counseling for this patient regarding this alleged incident.

Based on staff interview and the review of documents, it was determined that the hospital did not ensure the confidentiality of patient records. This finding was noted in 2 of 5 medical records reviewed.

Findings include:

Review of medical record for this patient noted that he was admitted to the hospital on 8/13/14 for ambulatory surgery. Review of file #2 on 10/16/14 showed that on 8/13/14 the patient's friend picked up and read the patient's medical record that was located at the patient's bedside. It was noted that the patient's medical record contained protected health information which the friend was unaware of.

The hospital failed to secure the patient's medical record from unauthorized access.

2. Review of medical record for this patient noted that she was admitted to the hospital Emergency Department on 9/13/14 with complaint of right foot injury. Review of file #3 on 10/16/14 showed that on 9/13/14 an Emergency Department (ED) nurse reported that she witnessed the patient's mother, a staff physician at New York University Hospital, log in to Epic and access patient's medical record.

The audit trail report on accesses made to patient's electronic medical record (EMR) since September 2014 was conducted by Privacy Official. The audit trail revealed that the physician accessed her daughter's medical record on September 13, 2014 to view reports, encounters, medical history, imaging results and orders.

The physician, the patient's mother, was not a part of the patient's treatment team and therefore had no legitimate reason to access her EMR.