EISENHOWER MEDICAL CENTER

Report ID: 23T711, California Department of Public Health

Reported Entity: EISENHOWER MEDICAL CENTER

Issue:

Based on interview and record review, the facility failed to implement their privacy policy and failed to ensure Patient A's protected health information (PHI) were faxed to the correct physician. This failure resulted in the unauthorized disclosure of PHI to an unintended recipient.Findings:On April 12, 2011, at 10:30 a.m., an unannounced visit was made to the facility to investigate a breach of medical information for Patient A.In a concurrent interview with the Privacy Officer, she stated PHI that contained Patient A's name, medical record number, and lab results were faxed to the wrong physician. The information was faxed by a facility employee. The physician that received the information had the same last name as the physician that was the intended recipient. The unintended recipient notified the facility the unauthorized disclosure.A review of the information disclosed included the patient's name, address, medical record number, gender, date of birth, laboratory resultsOn April 12, 2011, the facility policy and procedure titled, " Faxing Protected Health Information Information, " was reviewed. The policy indicated, " ...Policy All Protected Health Information sent or received by EMC shall be in a manner that protects against unauthorized disclosure of such records to third parties... "

Outcome:

Deficiency cited by the California Department of Public Health: Health & Safety Code 1280