Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
EISENHOWER MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on May 7, 2014. Also cited in 279 other reports.
Report ID: XX9811.01, California Department of Public Health
Reported Entity: EISENHOWER MEDICAL CENTER
Issue:
Based on interview and record review, the facility failed to ensure for one patient (Patient A), that her protected health information (PHI) was not disclosed to an individual not authorized to receive the information. Patient A's, PHI was inadvertently given to the wrong Patient. This failure resulted in unauthorized access of Patient A's PHI.Findings:An interview was conducted with the Deputy Information Privacy Officer on May 7, 2014, at 10 a.m. The Deputy Information Privacy Officer stated that on April 7, 2014, a physician inadvertently handed information regarding Patient A to another patient. The Deputy Information Privacy Officer stated the PHI (protected health information) included the patients' name, date of birth, medication list, initial nurse assessment from his office visit, and a portion of the patient's past medical history.A copy of the letter sent to Patient A was reviewed. The letter indicated the following:"...the purpose of this letter is to notify you that a portion of your medical record, specifically, your name, date of birth, medication list, initial nurse assessment from your office visit and a portion of your past medical history was inadvertently handed to another patient". The facility's policy and procedure titled, "HIPPA Use and Disclosure of Protected Health Information, revision date unclear", indicated the following:"It is the policy of (name of hospital) Medical Center that the confidentiality of Protected Health Information contained in records and collected pursuant to treatment will be protected to the fullest extent possible. To maintain this confidentiality Medical Center staff may not disseminate PHI unless it is pursuant to a valid request, a valid authorization or a legally recognized exception to this requirement.To protect the patient's right to privacy and confidentially, at no time will names or information be shared with any person who does not have a need to know in order to provide patient care".
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280