Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
EISENHOWER MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on August 6, 2013. Also cited in 279 other reports.
Report ID: GYWN11.01, California Department of Public Health
Reported Entity: EISENHOWER MEDICAL CENTER
Issue:
Based on interview and document review, the facility failed to ensure that Patient A's Protected Health Information (PHI) was not disclosed to any entity not authorized to receive the information. This failed practice resulted in unauthorized access to Patient A's demographic information and medical records.Findings:On August 6, 2016, at 1:30 p.m., an interview was conducted with the compliance officer. The compliance officer stated the hospital became aware of the breach on February 24, 2012. On February 24, 2012, at 1 p.m., the laboratory department received a call form an individual from a clinic in Minnesota, and stated they received a fax for Patient A. The staff member in the laboratory department entered the wrong phone number and faxed the lab results to the wrong location. The staff member wanted to fax the results to a physician office in Palm Springs, but instead faxed them in error, to a clinic in another state. The employee failed to verify the number they had entered was correct before sending Patient A's results by fax. As a result, two pages with Patient A's demographic information and test results were faxed to an unauthorized entity. The facility's policy and procedure titled, "Information Privacy," was reviewed. The policy indicated the hospital, "will take all necessary steps to avoid unauthorized or unlawful access, use or disclosure of protected health information..."The facility's policy and procedure titled, "HIPPA Compliance in the Laboratory," was reviewed. The policy indicated, "All laboratory staff members must abide by the standards set forth by the EMC Compliance Program...It is the responsibility of all employees to protect the patient's right to privacy and confidentiality..."The facility failed to ensure Patient A's Protected Health Information was not disclosed to any entity not authorized to receive the information.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280