Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
EISENHOWER MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on December 17, 2014. Also cited in 279 other reports.
Report ID: 1Q6S11, California Department of Public Health
Reported Entity: EISENHOWER MEDICAL CENTER
Issue:
Based on interview and record review, the facility failed to prevent the unauthorized access and disclosure of Patient's A's protected health information (PHI), when a laboratory order containing Patient A's PHI was provided to the wrong patient.Findings:On December 19, 2014, at 11:20 a.m., an investigation was conducted for this entity reported incident with the Deputy Information Privacy Officer.The Deputy Information Privacy Officer stated that on October 28, 2014, a laboratory order containing Patient A's, date of birth, address, phone number, and insurance information was provided to the wrong patient.On November 3, 2014, a letter was sent to Patient A's address notifying the patient of the information privacy breach.On December 19, 2014, a review of the facility policies titled, "HIPAA-Use and Disclosure of Protected Health Information, date May 13, 2001, with last reviewed/revised date of January 2, 2014, indicated the following: "It is the policy of (name of hospital) that the confidentiality of Protected Health Information contained in records and collected pursuant to treatment will be protected to the fullest extent possible...To protect the patient's right to privacy and confidentiality, at no time will names or information be shared with any person who does not have a need to know in order to provide care".In a review of an additional Policy titled, "Information Privacy", dated May 13, 2008, with last reviewed/revised date of January 2, 2014, indicated the following:"PolicyPursuant to the Health Insurance Portability and Accountability Act, 45 C.F.R. #164.530(f), and California Privacy Laws, (name of hospital) Medical Center will take all necessary step to avoid unauthorized or unlawful access, use or disclosure of protected health information and to mitigate any harmful effect that is know to (name of hospital) of an unauthorized or unlawful access, use or disclosure of protected health information in violation of (name of hospital) Medical Center's policies and procedures".
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280