Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
EISENHOWER MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on August 20, 2014. Also cited in 279 other reports.
Report ID: RO9211, California Department of Public Health
Reported Entity: EISENHOWER MEDICAL CENTER
Issue:
Based on staff interview and record review, the facility failed to prevent the unauthorized access and or disclosure of Patient A's private health information (PHI). A document containing Patient A's PHI was given to Patient B at discharge. This had the potential to result in the misuse of Patient A's private health information.Findings:On August 26, 2014, at 2:20 p.m., an investigation was conducted on this entity reported incident. On August 26, 2014, at 2:20 p.m., the facility Registered In-House Counsel (RIHC) was interviewed. The RIHC stated on August 7, 2014, an unauthorized disclosure of Patient A's PHI was inadvertently given to Patient B at discharge. The recipient (Patient B) returned the information after discharge from the facility (by mail). The following information was originally intended to be given to Patient A with discharge: Patient A's name, gender, medical record number, account number, date of birth, date of admission, and registered product number of a tissue implant. The RIHC stated, "The form Patient B received was supposed to be kept by the facility in case of a product recall."On August 26, 2014, a record review was conducted of a form titled, "Regulatory Notice." This form was sent from the facility to Resident A and indicated, "A tissue tracing form containing your name, date of birth, gender, medical record number, account number, and date of admission was inadvertently given to another patient (Patient B) when she was discharged from the hospital." A review conducted on August 28, 2014, of the facility policy and procedure dated, January 2014, titled, "Information Privacy," indicated, (The facility) will take all necessary steps to avoid unauthorized or unlawful access, use disclosure of protected health information ..." The policy dated January 2014, titled, "HIPPA (Health Insurance Portability and Accountability Act-Use and Disclosure of Protected Health Information," further indicated, "Copies of patient's PHI may only be released to a family member, friend of the patient, or someone directly involved in patient care..." The facility failed to maintain private health information by giving Patient B, Patient A's PHI without authorization from the patient or the patient's representative. This had the potential to cause misuse of Patient A's private health information.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280