EISENHOWER MEDICAL CENTER

Report ID: 80F011, California Department of Public Health

Reported Entity: EISENHOWER MEDICAL CENTER

Issue:

Based on interview and record review, the facility failed to prevent the unauthorized access and/or disclosure of Patient 2's medical information. This had the potential to result in misuse of private information.Findings:On July 3, 2013, at 11:30 a.m., an investigation was conducted for an entity reported incident.In a concurrent interview with the Compliance Specialist (CS), the CS stated on March 23, 2013, Patient 1 went to one of the facility's Urgent Care (UC) and requested a copy of her record. The CS stated Patient 1 called the facility on April 8, 2013, and informed the facility she received the wrong record (Patient 2's record). The CS stated the record Patient 1 received contained Patient 2's name, date of birth, medical record number, and History and Physical. The CS stated the UC staff provided the wrong record to Patient 1.The facility policy titled, "HIPAA (Health Insurance Portability and Accountability Act) - use and Disclosure of Protected Health Information (dated November 18, 2011)," was reviewed and indicated, "Protected Health Information (PHI) - Individually identifiable health information transmitted or maintained in any form or medium, including oral, written and electronic...Information is considered PHI where there is a reasonable basis to believe the information can be sued to identify an individual."The facility policy titled, "Information Privacy (dated December 19, 2011)," was reviewed and indicated, "...Unauthorized of Unlawful Disclosure: is the release, transfer, provision of access to, or providing in any other manner of PHI outside of the organization, to parties without a treatment, payment or hospital administrative purpose..."

Outcome:

Deficiency cited by the California Department of Public Health: Health & Safety Code 1280