Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
EISENHOWER MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on July 24, 2014. Also cited in 279 other reports.
Report ID: FBL411.01, California Department of Public Health
Reported Entity: EISENHOWER MEDICAL CENTER
Issue:
Based on interview and record review, the facility failed to prevent the unauthorized access and/or disclosure of Patient A's private health information (PHI), when a document containing Patient A's information was inadvertently indexed into Patient B's electronic medical record in which Patient B may have had access through the hospital medical record website. This had the potential to result in the misuse of Patient A's private health information.Findings:On July 24, 2014, at 11:30 a.m., an investigation was conducted on this entity reported incident. On July 24, 2014, at 11:30 a.m., the facility Deputy Information Privacy Officer (DIPO) was interviewed. The DIPO stated on July 24, an unauthorized disclosure of Patient A's PHI was inadvertently indexed into another patient, Patient B's, electronic medical record. Patient B viewed his electronic medical record and was able to view Patient A's PHI. The DIPO stated as far as we (the hospital) knows...this was an isolated event. The worker was supposed to check every page of patient information before indexing the information into the electronic medical record.The following information was originally intended to be indexed into Patient A's electronic medical record: a bone density report (test conducted on bone strength), Patient A's name, date of birth, and medical record number. On July 24, 2014, a record review was conducted of a letter that was sent by fax to the Department on July 23, 2014, at 2:20 p.m. The letter indicated, "The incorrect patient (Patient B) notified (the facility-name withheld) of the error..."A review was conducted on July 24, 2014, of the facility policy titled, "HIPPA (Health Insurance Portability and Accountability Act), Use and Disclosure of Protected Health Information," dated, December 19, 2011. The policy indicated, "It is the policy of (the facility) that the confidentiality of Protected Health information contained in records and collected pursuant to treatment will be protected to the fullest extent possible."
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280