Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
EISENHOWER MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on August 6, 2015. Also cited in 279 other reports.
Report ID: VCZE11.01, California Department of Public Health
Reported Entity: EISENHOWER MEDICAL CENTER
Issue:
Based on interview and record review, the facility failed, for one patient (Patient A), to prevent the the unauthorized disclosure of the patient's Private Health Information (PHI), when a Case Manager provided Patient A's face sheet to a cab driver. This failure had the potential for the misuse of Patient A's information.Findings:A telephone investigation was conducted on August 6, 2015, at 2 p.m., with the facility's Information Privacy Officer (IPO). The IPO stated on July 2, 2015, the facility became aware that Patient A's face sheet (a document with patient demographic information and medical diagnoses) was given to a cab driver, by a facility case manager. The IPO stated the facility became aware of the breach, when a payment voucher was returned to the facility with Patient A's facesheet attached. The IPO stated, "This was a breach as the cab driver did not need all of the information." A copy of the letter sent to Patient A, by the facility, indicated: "...in December 2014, when [facility] provided you with a cab ride, one of our case managers handed the cab driver a piece of paper that contained you name and address- but, also contained your insurance and other identifying information like your date of birth, social security number, gender and marital status..."The facility policy and procedure titled "Information Privacy" reviewed/revised April 2, 2015, indicated the following: "... (facility name) will take all necessary steps to avoid unauthorized or unlawful access, use or disclosure of protected health information ...unauthorized or unlawful disclosure: is the release, transfer, provision of access to, or providing in any other manner of PHI outside of the organization, to parties without a treatment, payment, or hospital administrative purpose..."
Outcome:
Deficiency cited by the California Department of Public Health: Health and Safety Code 1280.15