California Pacific Medical Center

On or about October 15, 2014, during a routine review of workforce members’ use of electronic protected health information (ePHI), the covered entity (CE), California Pacific Medical Center, discovered that a workforce member in the pharmacy department had impermissibly accessed the medical records of 13 coworkers. A subsequent audit showed that from October 2013 to October 2014, the workforce member had impermissibly used the medical records of a total of 845 individuals. The ePHI accessed included patient demographics, last four digits of social security numbers, clinical information about diagnoses, clinical notes, physician order information, laboratory and radiological data, and prescription information. OCR verified that the CE applied employee sanctions pursuant to its policy and procedure, provided breach notification to HHS, affected individuals, and the media, and retrained employees on relevant HIPAA policies and procedures.
Location of breached information: Electronic Medical Record
Business associate present: No