Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
EISENHOWER MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on August 6, 2015. Also cited in 279 other reports.
Report ID: QYO211.01, California Department of Public Health
Reported Entity: EISENHOWER MEDICAL CENTER
Issue:
Based on interview and record review, the facility failed, for two patients (Patient D and E), to prevent the unauthorized disclosure of the patients' Private Health Information (PHI), when a Case Manager provided the patients' face sheet to a cab driver. This failure had the potential for the misuse of the patients' information.Findings:A telephone investigation was conducted on August 6, 2015, at 2 p.m., with the facility's Information Privacy Officer (IPO). The IPO stated on July 2, 2015, the facility became aware a Case Manager had given a patient's face sheet (a document with patient demographic information and medical diagnoses) to a cab driver, at the time of the patient's discharge. The IPO stated during the investigation, the facility became aware that additional patients' (Patient D and E) information had been released. The IPO stated, "This was a breach as the cab driver did not need all of the information." A copy of Patient D's facesheet was reviewed. The facesheet contained Patient D's demographic information, including the patient's name, address, date of birth, gender, social security and account number. The patient's admitting diagnosis had been scratched out with a pen. A copy of Patient E's facesheet was reviewed. The facesheet contained Patient E's demographic information, including the patient's name, address, date of birth, gender, social security and account number. The face sheet indicate Patient E's initial diagnosis. The facility policy and procedure titled "Information Privacy" reviewed/revised April 2, 2015, indicated the following: "... (facility name) will take all necessary steps to avoid unauthorized or unlawful access, use or disclosure of protected health information ...unauthorized or unlawful disclosure: is the release, transfer, provision of access to, or providing in any other manner of PHI outside of the organization, to parties without a treatment, payment, or hospital administrative purpose..."
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280