HIPAA Helper »
EISENHOWER MEDICAL CENTER »
Nov 20, 2013

This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.

EISENHOWER MEDICAL CENTER

39-000 BOB HOPE DRIVE RANCHO MIRAGE,CA 92270

Cited by the California Department of Public Health for violations of California’s Health and Safety Code relating to medical privacy during an inspection that began on November 20, 2013. Also cited in 279 other reports.

Report ID: FYY511.03, California Department of Public Health

Reported Entity: EISENHOWER MEDICAL CENTER

Issue:

Based on interview and record review, the facility failed to notify Patient A and Patient B of the unauthorized disclosure of their protected health information (PHI), in writing, within five business days after the disclosure had been detected by the facility. This resulted in a delay in the notification of Patient's A and B of the unauthorized disclosure of their PHI. Findings:On November 20, 2013, at 10 a.m., the Compliance Specialist (CS) was interviewed. The CS stated on October 13, 2013, an employee in the Emergency Department (ED) faxed two face sheets belonging to Patient A and Patient B to an unintended insurance provider. The insurance provider notified the ED on the same day of the error. The CS stated, the ED staff did not notify the Privacy Department until 12 days later. She stated they should have notified them right away. The CS stated she was aware of the requirement to notify the patient at his or her last known address within five days of discovery.The face sheets for Patient A and Patient B were reviewed. The face sheets contained the patients' name, dates of birth, addresses, phone numbers, insurance information, policy numbers, andmedical record and account numbers.The California Department of Public Health (CDPH) was notified via a facsimile dated October 25, 2013, of the unauthorized disclosure of Patient A and Patient B's PHI (seven days after the required notification of five business days).The facility policy and procedure titled, "Information Privacy," reviewed/revised December 19, 2011, revealed, "... The Information Privacy Officer will contact the Department of Public health and report the breach within (5) five days of discovery."

Outcome:

Deficiency cited by the California Department of Public Health: Medical Breach

Related Reports:

The report containing this deficiency also includes information about 2 other violations. Note that these may be related to the same event: FYY511.01, FYY511.02

3 other violations reported on the same date. Note that other citations may be about the same event: BQ4Y11.01, JIFE11.01, YC2R11.01

Do you believe your privacy has been violated? Here’s what you can do: