Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
EISENHOWER MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on December 16, 2013. Also cited in 279 other reports.
Report ID: NJWZ11, California Department of Public Health
Reported Entity: EISENHOWER MEDICAL CENTER
Issue:
Based on interview and record review, the facility failed to prevent unauthorized disclosure of PHI (Protected Health Information) for one Patient (Patient 1) when his PHI was discovered among documents that had been sent home with Patient 2. This failed practice resulted in unauthorized persons having access to Patient 1's PHI, and the potential for physical, emotional, and financial harm.Findings:During an interview with the facility PO (Privacy Officer) on December 16, 2013, at 10:55 a.m., the PO stated Patients 1 and 2 were patients in the facility at the same time, and were located on different units and different floors. She stated on October 26, 2013, the facility received a call from the caregiver of Patient 2, who informed them he had a document with Patient 1's name on it. The PO stated upon retrieving the document, the facility determined Patient 1's SBAR (Situation, Background, Assessment, and Recommendation) form (a form used by the nursing staff to give shift report and communicate information related to the patient) had been included in papers sent home with Patient 2.The SBAR form was reviewed on December 16, 2013. The form included the following PHI:1. Name;2. Birthdate;3. Age;4. Sex; 5. Amission date; 6. Diagnosis; and,7. Attending physician.The facility policy titled, "HIPAA - Use and Disclosure of Protected Health Information," was reviewed on December 16, 2013. The policy indicated the following:a. The confidentiality of PHI contained in records and collected pursuant to treatment would be protected to the fullest extent possible; and,b. To maintain confidentiality, staff could not disseminate PHI unless it was pursuant to a valid request or a valid authorization.The PHI for Patient 1 was not protected or kept confidential, and the staff did not have a valid request or authorization to release the PHI to another patient.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280