Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
EISENHOWER MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on August 5, 2014. Also cited in 279 other reports.
Report ID: 5Z0X11.01, California Department of Public Health
Reported Entity: EISENHOWER MEDICAL CENTER
Issue:
Based on interview and record review, the facility failed to prevent unauthorized disclosure of PHI (protected health information) for one patient (Patient A), when an employee faxed Patient A's facesheet to the incorrect physician. This failed practice resulted in the potential for misuse of Patient A's PHI. Findings:During an interview with the facility Deputy Information Privacy Officer (DIPO) on August 5, 2014, at 1:30 p.m., the DIPO stated a Patient Admitting Specialist faxed Patient A's facesheet (form containing demographic information) to the wrong physician's office. The DIPO stated the staff failed to call the physician's office and faxed the document to the office of a physician with the same name. The DIPO stated the facesheet contained Patient A's name, address, phone number, date of birth and medical record number.On August 5, 2014, a copy of the letter sent to Patient A was reviewed. The letter indicated, "The purpose of this letter is to notify you that a patient demographic form containing your information, including your name, date of birth, and medical record number was inadvertently faxed to the incorrect physician's officer." A copy of Patient A's facesheet was reviewed. The facesheet contained the patient's name, date of birth, admitting physician, admitting diagnosis, address, phone number, and medical record number, as well as the patient's insurance information. A review of the facility policy and procedure titled "Faxing Protected Health Information," dated, March 21, 2013, indicated, all PHI sent or received shall be protected against unauthorized disclosure to third parties. The policy indicated,"Sending Information: Whenever possible, staff faxing Protected Health Information shall:1. Telephone the receiving facility to inform them that Protected Health Information is being faxed, confirm the fax number...2. Reconfirm the destination fax number prior to transmission by checking to telephone number displayed on the fax machine screen before transmitting it.3. Confirm the success of transmission by calling the intended recipient or by checking the fax transmittal report..."
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280