Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
EISENHOWER MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on April 16, 2015. Also cited in 279 other reports.
Report ID: EEFN11, California Department of Public Health
Reported Entity: EISENHOWER MEDICAL CENTER
Issue:
Based on staff interview and record review, the facility failed to prevent the unauthorized access and/or disclosure of Patient A's private health information (PHI), when a document containing Patient A's medical information was faxed to an outside business. This had the potential to result in the misuse of Patient A's private health information.Findings:On April 17, 2015, at 11 a.m., an investigation was conducted on this entity reported incident. On April 17, 2015, at 11 a.m., the facility Deputy Information Privacy Officer (DIPO) was interviewed. The DIPO stated, An unauthorized disclosure of Patient A's PHI was sent by fax to an outside business on March 26, 2015. The recipient called the office on March 27, 2015, and informed the facility staff of the error. The following information was originally intended to be faxed to Patient A's physician: laboratory results containing Patient A's name, date of birth, medical record number, facility patient account number, and physician's name and number.On April 17, 2015, a record review was conducted of a letter sent to Patient A dated April 8, 2015. The letter indicated, "...The purpose of this letter is to notify you (Patient A)... the unintended recipient (outside business) notified (the facility) of the error and agreed to destroy the document."During a concurrent interview, the DIPO stated the staff member misdialed the incorrect fax number by one digit. Usually, staff use the automatic faxing system yet with both methods, the worker still has to verify the correct number before sending private health information.A review was conducted of the facility policy titled, "Faxing Protected Health Information," revised February 2015, indicated, "Telephone the receiving facility to inform them that protected health information is being faxed, confirm the fax number...Reconfirm the destination fax number prior to transmission by checking to telephone number displayed on the fax machine screen before transmitting it...confirm the success of the transmission by calling the intended recipient or by checking the fax transmittal report..."
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280