EISENHOWER MEDICAL CENTER

Report ID: WS8211, California Department of Public Health

Reported Entity: EISENHOWER MEDICAL CENTER

Issue:

Based on interview and record review, the facility failed to ensure the PHI (protected health information) for one patient (Patient A) remained confidential. This failure resulted in the unauthorized disclosure of Patient A's PHI to an unintended recipient.Findings:An interview was conducted with the facility's Information Privacy Officer (IPO) on April 3, 2014, at 9:30 a.m. The IPO stated on March 13, 2014, photos containing Patient A's name and medical record number were inadvertently handed to the wrong patient. The IPO stated facility staff selected the wrong name when printing, and the staff did not verify the patient's name before handing it to Patient B. A review of the letter sent to Patient A on March 19, 2014, indicated "The purpose of this letter is to notify you that a portion of your medical record, specifically exam images containing your name and medical record number were inadvertently handed to another patient. The unintended recipient notified the facility of the error and agreed to return the documents."The facility policy and procedure titled "Information Privacy" reviewed/revised December 19, 2011, revealed "... (facility name) will take all necessary steps to avoid unauthorized or unlawful access, use or disclosure of protected health information ..."A policy titled "Patient Identification Policy and Procedure," with a last reviewed/revised date of January 3, 2011, was reviewed on March 4, 2014. The policy indicated it was an organization-wide policy and it applied to all services and care settings. The policy indicated patient identification must be performed utilizing at least two identifiers: first and last name, date of birth or medical record number.

Outcome:

Deficiency cited by the California Department of Public Health: Health & Safety Code 1280