Prime hospital cited for repeated patient privacy breaches

The California public health department on Tuesday issued citations against Shasta Regional Medical Center, the hospital under Prime Healthcare Services, where two top executives released a patient's medical records to the media, California Watch reported. Shasta Regional faces five deficiencies for repeated instances of patient privacy breaches.

State investigators found that the privacy breach came from the top. Among cited violations, the CEO of Shasta Regional Medical Center sent an email to nearly 800 hospital employees, disclosing the confidential details of a diabetes patient, therefore breaking federal and state law, the article noted.

Prime Healthcare and, more specifically, Shasta Regional have been at the center of a media storm surrounding reports that hospital CEO Randall Hempling and Chief Medical Officer Marcia McCampbell revealed the full chart of Darlene Courtois to her hometown newspaper, Redding Record Searchlight, as well as medical exam results to the Los Angeles Times, according to LA Times columnist Michael Hiltzik. The patient had told California Watch that she did not have kwashiorkor--a severe form of malnutrition that provides greater reimbursement--for which Shasta Regional had billed Medicare.

In response, the hospital execs shared her information with the media and with hospital employees, saying the patient implicitly waived her privacy because she had shared some of her records with another news organization. Prime spokesman Edward Barrera maintains that the hospital did nothing wrong. The company "continues to believe that the disclosures, if any, were permitted under both federal and state law," he told California Watch in an email statement.

Lou Ann Wiedemann, director of professional practice at the American Health Information Management Association, commented on a previous FierceHealthcare story about the role of leadership in patient privacy.

"Senior executives are expected to guide an organization's privacy and security initiatives and set an example for the rest of the staff. As an HIM professional who has spent [her] career protecting and educating others on the confidentiality of patient information, I am surprised and disappointed to hear that someone at a senior level did not know the very basics of patient privacy and confidentiality."

She added, "It fully demonstrates the need for continued privacy and security education and training at all levels within healthcare."

Thomas Reuters last month named Prime Healthcare as a Top 100 Hospital and new CEO Prem Reddy as one of the most influential physician executives in the nation. Prem Reddy assumed the post after then CEO Lex Reddy (his brother-in-law) resigned in February.

For more information:
- see the California Watch story
- read the Prime statement on Prem Reddy's award

Related Articles:
FBI interviews patient about alleged Prime Healthcare upcoding, privacy breach
Prime hospital CEO, CMO blasted for sharing patient chart with media
Prime Healthcare accused of Medicare fraud, seeking legal action against press
Tenet wins $46M legal battle