Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
EISENHOWER MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on August 17, 2015. Also cited in 279 other reports.
Report ID: XW0811, California Department of Public Health
Reported Entity: EISENHOWER MEDICAL CENTER
Issue:
Based on staff interview and record review, the facility failed to prevent the unauthorized access and/or disclosure of Patient A's private health information (PHI), when laboratory results were left on Patient A's voicemail and Patient A's wife listened to the results. Leaving lab results on a voice mail had the potential to result in misuse of Patient A's private health information.Findings:On August 17, 2015, at 10:45 a.m., an investigation was conducted on this entity reported incident. On August 17, 2015, at 10:45 a.m., an interview was conducted with the Deputy General Counsel of Compliance (DGCC). The DGCC stated a patient care coordinator at the cardiology clinic used an old document from the clinic that was not HIPPA (Health Insurance Portability and Accountability Act) compliant for patient authorization. The form was not updated to HIPPA regulations and was not to be used for patient authorization of information. The DGCC stated, "The outdated form was dated December 6, 2011, and the wife's name was listed as authorized for receiving medical information. The form should have been updated and laboratory results should not have been left on the patient's voicemail. The patient's physician notified my office that the patient did not want his wife to have knowledge of his laboratory results."A review of a letter sent by the facility to Patient A dated August 12, 2015, was conducted. The letter indicated, "...The (facility cardiology clinic) staff member should not have left patient protected health information (lab results) on your voice mail system. These individuals have been trained to only leave their name and return phone number and to request that a patient return their call..."A review of the facility policy titled, "HIPPA-Use and disclosure of Protected Health Information," dated with revision on January 2, 2014, indicated, "It is the policy of (the facility) that the confidentiality of Protected Health Information contained in records and collected pursuant to treatment will be protected to the fullest extent possible. To maintain this confidentiality (the facility staff) may not disseminate PHI unless it is pursuant to a valid request, a valid authorization or a legally recognized exception to this requirement..." The policy further indicated, "...To protect the patient's right to privacy and confidentiality, at no time will names or information be shared with any person who does not have a need to know in order to provide patient care. All personal should refrain from discussing the patient's presence, illness, treatment, prognosis, or condition with any individual not directly associated with the care of the patient..."
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280