EISENHOWER MEDICAL CENTER

Report ID: 80JZ11.01, California Department of Public Health

Reported Entity: EISENHOWER MEDICAL CENTER

Issue:

Based on interview and document review, the facility failed to ensure that Patient A's Protected Health Information (PHI) was not disclosed to any entity not authorized to receive the information. This failed practice resulted in unauthorized access to Patient A's demographic information and medical records.Findings:An unannounced visit was made on September 20, 2013, to investigate a facility self reported breach incident. On September 20, 2013, at 1:30 p.m., an interview was conducted with the compliance officer, and quality director. The compliance officer stated the hospital became aware of the breach on August 21, 2013, when the hospital received a call from a home health agency. The home health agency stated the hospital sent, by fax, medical records for Patient A, and Patient A was not one of their patients. The home health agency stated they shredded the documents therefore were unable to tell the compliance department how many medical records and what information had been faxed in error. The compliance officer stated their investigation revealed that the discharge coordinator faxed Patient A's medical records to the wrong fax number in error. The discharged coordinator failed to verify the fax number prior to sending Patient A's medical records. The facility's policy and procedure titled, "Information Privacy," was reviewed. The policy indicated the hospital, "will take all necessary steps to avoid unauthorized or unlawful access, use or disclosure of protected health information..."The facility failed to ensure Patient A's Protected Health Information was not disclosed to any entity not authorized to receive the information.

Outcome:

Deficiency cited by the California Department of Public Health: Health & Safety Code 1280

Related Reports:

2 other violations reported on the same date. Note that other citations may be about the same event: 8CIW11.01, S87I11.01