Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
EISENHOWER MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on March 11, 2014. Also cited in 279 other reports.
Report ID: JRB011, California Department of Public Health
Reported Entity: EISENHOWER MEDICAL CENTER
Issue:
Based on interview and record review, the facility failed to ensure for one patient (Patient A), that his protected health information (PHI) was not disclosed to another patient (Patient B). This failure resulted in unauthorized access of Patient A's PHI by an unauthorized individual.Findings:A telephone interview was conducted on March 11, 2014, at 2:15 p.m., with the Information Privacy Officer (IPO). The IPO stated on February 10, 2014, Patient B had requested copies of his entire medical record from the Health Information Management Office, and Patient B was given copies of Patient A's medical records instead. The IPO stated a staff member (Staff 1) made copies of Patient A's records by mistake due to Patient A having a similar first and last name as Patient B. The IPO stated Patient B had possession of the records for approximately three hours before the patient realized the error and returned the records back to the facility.The IPO further stated the breach of Patient A's PHI that was released to Patient B included all of Patient A's medical records such as:a. Nameb. Agec. Date of birthd. Account numbere. Medical record numberf. History and physicalg. Laboratory resultsh. Medication listi. Medical diagnosesj. Assessment notesk. Consultation reportsl. Nurse's notesm. Office visit notesn. X-ray reportsThe facility's policy and procedure titled "Access of Individuals To Protected Health Information," dated February 12, 2014, was reviewed. The policy indicated "2.c. It is vital that the person releasing PHI checks each page of the medical record being given to the patient to ensure that the correct medical records are being provided."The facility's policy and procedure titled "HIPAA - (Health Information Portability And Accountability Act) Use And Disclosure Of Protected Health Information," revised November 18, 2014, was reviewed. The policy indicated "To protect the patient's rights to privacy and confidentiality, at no time will names or information be shared with any person who does not have a need to know in order to provide patient care. All personnel should refrain from discussing the patient's presence, illness, treatment, prognosis, or condition with any individual not directly associated with the care of the patient . . ."
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280