Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
EISENHOWER MEDICAL CENTER
Cited by the California Department of Public Health for violations of California’s Health and Safety Code relating to medical privacy during an inspection that began on January 22, 2014. Also cited in 279 other reports.
Report ID: 5C2211.02, California Department of Public Health
Reported Entity: EISENHOWER MEDICAL CENTER
Issue:
Based on interview and record review, the facility failed to notify the Department within five days after a disclosure of protected health information (PHI) was detected for one patient (Patient A). Patient A's full name, date of birth, and medication list were inadvertently disclosed to Patient B on January 3, 2014. The facility became aware of the breach on January 3, 2014 and notified the Department on January 20, 2014, 17 days later and 10 days after the mandated timeframe for the facility to report the detection. This resulted in a delay in the notification of CDPH and a possible delay in the investigation of the unauthorized disclosure of Patient A's PHI. Findings:On January 20, 2014, the facility notified the Department, via facsimile, that Patient A's PHI had been inadvertently released to an unintended recipient. On January 22, 2014, 2:45 p.m., a facility Privacy Officer (PO), was interviewed. The PO stated a privacy breach had occurred on January 3, 2014, but her department was not made aware of the incident until January 20, 2014. The PO stated the privacy office reported the incident as soon as they became aware, but a manager and charge nurse were aware of the incident on January 3, 2014. The PO stated the breach should be reported to the California Department of Public Health within 5 days of its detection. The facility notification letter was reviewed on January 22, 2014. The letter indicated an inadvertent privacy breach was discovered on January 3, 2014. The letters indicated an office visit summary containing Patient A's name, date of birth, and medication list was inadvertently handed to another patient. Patient A was notified, about the unauthorized disclosure of PHI, via standard mail, on January 20, 2014. The notification was sent 10 calendar days after the required notification of five business days (January 10, 3024).The facility policy and procedure titled "Information Privacy," reviewed/revised December 19, 2011, revealed: "4. The Information Privacy Officer will contact the Department of Public Health and report the breach within (5) five days of discovery."
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280