Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
EISENHOWER MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on June 16, 2014. Also cited in 279 other reports.
Report ID: UD1M11.01, California Department of Public Health
Reported Entity: EISENHOWER MEDICAL CENTER
Issue:
Based on interview and record review, the facility failed to ensure Patient A's private health information (PHI) was protected from misuse by filing to ensure the information was not faxed to an unauthorized recipient. This failure had the potential to place Patient A's PHI at risk for misuse. Findings:An interview was conducted with the facility's Compliance Officer (CO) on June 16, 2014, at 10 a.m. The CO stated, "On June 2, 2014, Patient A's information was inadvertently faxed to the incorrect home health agency." The CO stated the information included Patient A's name, date of birth, and her social security number. In addition, the information faxed to the wrong agency contained medical information about Patient A. A copy of the letter sent to Patient A indicated the following: "...a portion of your medical record containing information which included your name, date of birth social security number, medical assessment and medications was inadvertently faxed to the incorrect home health care agency." The facility policy and procedure titled "HIPAA- Use and Disclosure of Protected Health Information," undated, was reviewed. The policy indicated "It is the policy of ... (facility's name) that the confidentiality of Protected Health information in records and collected...will be protected to the fullest extent possible."The policy further indicated, "To protect the patient's right to privacy and confidentiality, at no time will names or information be shared with any person who does not have the need to know in order to provide patient care."A review of the facility policy and procedure titled "Faxing Protected Health Information," with a last reviewed date of March 21, 2013, indicated, "Sending Information: Whenever possible, staff faxing Protected Health Information shall:1. Telephone the receiving facility to inform them that Protected Health Information is being faxed, confirm the fax number...2. Reconfirm the destination fax number prior to transmission by checking to telephone number displayed on the fax machine screen before transmitting it.3. Confirm the success of transmission by calling the intended recipient or by checking the fax transmittal report..."
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280