Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
EISENHOWER MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on June 2, 2014. Also cited in 279 other reports.
Report ID: 115N11, California Department of Public Health
Reported Entity: EISENHOWER MEDICAL CENTER
Issue:
Based on interview and record review, the facility failed to ensure the PHI (protected health information) of Patient A remained confidential. This failure resulted in the unauthorized access of Patient A's PHI by a Registered Nurse (RN) 1, employed at the facility.Findings:An interview was conducted with the facility's Information Privacy Officer (IPO) on June 2, 2014, at 1:45 p.m. The IPO stated Patient A called the facility on April 29, 2014, and stated while an inpatient she thought an individual at the facility accessed her medical records. The IPO stated after investigating the allegation it was determined that Registered Nurse (RN) 1, an employee who was not working with Patient A accessed the patient's records on September 3, 2012.The IPO further stated RN 1 has not been employed at the hospital since March 20, 2013.A review of Patient A's PHI which was accessed by RN 1 was conducted. Patient A's PHI on the date the record was accessed, September 3, 2012, reflected the patient's name, medical record number, date of visit, all medical treatment records, including diagnosis, laboratory values, medication administered, nursing assessments, physician consultations, including a psychiatric consultation.A review of the facility policy, "HIPAA-Use and disclosure of Protected Health Information (HIPAA-health information portability and accountability act), last Reviewed/Revised 11/18/2011," was conducted.The policy indicated, "It is the policy of (the facility) that the confidentiality of Protected Health information contained in records and collected pursuant to treatment will be protected to the fullest extent possible. To maintain this confidentiality (facility) staff may not disseminate PHI unless it is pursuant to a valid request, a valid authorization or a legally recognized exception to this requirement."
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280