Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
EISENHOWER MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on July 6, 2015. Also cited in 279 other reports.
Report ID: 4YI311.01, California Department of Public Health
Reported Entity: EISENHOWER MEDICAL CENTER
Issue:
Based on staff interview and record review, the facility failed to prevent the unauthorized access and/or disclosure of Patient A's private health information (PHI), when a disk of private patient information was sent to the wrong hospital. This had the potential to result in the misuse of Patient A's private health information.Findings:On July 6, 2015, at 1:45 p.m., an investigation was conducted for this entity reported incident. On July 6, 2015, at 1:45 p.m., the facility Deputy Information Privacy Officer (DIPO) was interviewed. The DIPO stated a Discharge Planning Coordinator (DPC) was anticipating receiving information on two patients, Patients A and B. The DPC took the wrong information, an envelope which had Patient A's information who had a name which was similar sounding to Patient B's name. The outside of the envelope and the contents of the inside of the envelope, including the disk were clearly labeled with Patient A's name. The receiving hospital called our office and informed the facility staff of the error. The following information was sent to the wrong facility: a medical records disk containing Patient A's chest x-ray and results, name, date of birth, medical record number, doctor's names and hospital account number.On July 6, 2015, a record review was conducted of a letter the facility sent Patient A dated July 2, 2015. The letter indicated, " ...The purpose of this letter is to notify you that a CD (disk) containing your chest x-ray, name, date of birth, medical record number, and hospital account number was sent to another hospital in error. The receiving hospital notified the (facility) of the error and returned the CD ... "A review was conducted of the facility policy titled, " HIPPA (Health Insurance and Portability and Accountability Act) Use and Disclosure of Protected health Information, " revised April 2, 2015, indicated, " It is the policy of the (facility) that the confidentiality of Protected Health Information contained in records and collected pursuant to treatment will be protected to the fullest extent possible. To maintain this confidentiality the (facility) staff may not disseminate PHI unless it is pursuant to a valid request, a valid authorization or a legally recognized exception to this requirement...To protect the patient ' s right to privacy and confidentiality; at no time will names or information be shared with any person who does not have a need to know ... "
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280