Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
EISENHOWER MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on August 6, 2013. Also cited in 279 other reports.
Report ID: 8C1811.01, California Department of Public Health
Reported Entity: EISENHOWER MEDICAL CENTER
Issue:
Based on interview and document review, the facility failed to ensure that Patient A's Protected Health Information (PHI) was not disclosed to any entity not authorized to receive the information. This failed practice resulted in unauthorized access to Patient A's demographic information and medical records.Findings:On August 6, 2016, at 1:30 p.m., an interview was conducted with the compliance officer. The compliance officer stated the hospital became aware of the breach on May 10, 2013. On February 9, 2013, staff in the Emergency Department Admitting Area faxed Patient A's face sheet was faxed in error with Patient B's medical records. The medical records were sent to another health facility and that facility called to report the breach to the hospital. The employee who was responsible for the breach failed to follow procedures to verified that all documents being faxed were for Patient B. As a result, Patient A's demographic information and protected health information was sent to an unauthorized entity.The facility's policy and procedure titled, "Information Privacy," was reviewed. The policy indicated the hospital, "will take all necessary steps to avoid unauthorized or unlawful access, use or disclosure of protected health information..." The facility's policy and procedure titled, "HIPPA-Use and Disclosure of Protected Health Information," was reviewed. The policy indicated, "It is the policy of [name of hospital] that the confidentiality of Protected Health Information contained in records and collected pursuant to treatment will be protected to the fullest extent possible..."The facility failed to ensure Patient A's Protected Health Information was not disclosed to any entity not authorized to receive the information.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280