HospitalInspections.org

Based on records reviewed and interviews, the Hospital failed for two of twelve sampled patients (Patient #1, Patient #2), to ensure appropriate access, confidentiality and privacy of the individuals' medical record.

Findings include:

The Policy titled The Need to Maintain Strict Confidentiality of Patient Information, dated 09/2016, indicated that workforce members will only access, use, or disclose patient information and Protected Health Information (PHI) to support treatment, payment, and healthcare operations, or as otherwise authorized by the patient or his/her personal representative or required by law.

The Document titled Encounter Selection for Patient #1, dated 03/09/18, indicated that Patient #1's last registration date at the facility was 10/25/2016.

The Hospital Information Technology (IT) report, dated 03/15/18, indicated that Patient Services Representative (PSR/registration clerk) #1 accessed Patient #1's medical record on 11/24/17, 12/05/17, 12/15/17 and 02/07/18 (greater than 1 year after Patient #1's last registration).

The Hospital IT report, dated 03/15/18, indicated that on 12/15/17 from 6:08 PM until 6:13 PM, PSR #1 accessed multiple sections of Patient #1's medical record (this included accessing sections of the record titled clinical diagnoses and the chart access log).

The Document titled Encounter Selection for Patient #2, dated 03/09/18, indicated that Patient #2's last registration date at the facility was 07/09/2014.

The Hospital IT report, dated 03/15/18, indicated that PSR #1 accessed Patient #2's medical record on 02/07/18.

The Surveyor interviewed the Director of Patient Access (responsible for registration activities at the hospital) on 03/15/18 at 10:10 AM. The Director of Patient Access said she spoke with PSR #1 who told her that she (PSR #1) accessed a screen that displayed Patient #1's and Patient #2's demographics (part of medical record). The Director of Patient Access said that PSR #1 acknowledged that she (PSR #1) shouldn't have been in the record, said it was a mistake and said it was due to "curiosity" or words to that effect.

The Surveyor interviewed PSR #1 on 03/15/18 at 2:30 P.M. PSR #1 said she accessed a screen that displayed Patient #1's name, address, and insurance information (part of the medical record), because of "curiosity" or words to that effect.

The Surveyor spoke to the Risk and Patient Safety Manager of the facility on 03/15/18 at 3:30 P.M. The Risk and Patient Safety Manager said that PSR #1 accessed Patient #1's medical record on 12/15/17. The Risk and Patient Safety Manager said that PSR #1 did access sections of Patient #1's chart (medical record) on 12/15/17.