Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
EISENHOWER MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on October 14, 2013. Also cited in 279 other reports.
Report ID: F44111.01, California Department of Public Health
Reported Entity: EISENHOWER MEDICAL CENTER
Issue:
Based on interview and record review, the facility failed to prevent unauthorized disclosure of PHI for one patient (Patient 1) when lab results were faxed to an incorrect physician who was not involved in treating the patient. This failed practice resulted in unauthorized persons having access to Patient 1's PHI, and the potential for his physical, emotionla, and financial harm.Findings:During an interview with the facility CS on October 14, 2013, at 2 p.m., the CS stated on October 1, 2013, a laboratory technician faxed lab work for Patient 1 to the wrong physician's office. The CS stated Patient 1 asked the tech to fax the results of his labs to one of his physicians, in addition to the physician who ordered them, and he gave the physician's name. The tech faxed the results to a physician's office where the physician had a name that sounded like the intended physician, but he was not.The lab results that were faxed to the unintended physician's office were reviewed on October 14, 2013. The results contained the following PHI for Patient 1:1. Name;2. Date of service;3. MRN;4. Account #;5. Sex;6. DOB;7. Age;8. lab results for blood and urine; and,9. Pending lab tests.The facility policy titled, "HIPAA - Use and Disclosure of Protected Health Information," was reviewed on October 14, 2013. The policy indicated the confidentiality of PHI contained in records and collected pursuant to treatment would be protected to the fullest extent possible. The policy further indicated to maintain confidentiality, EMC staff would not disseminate PHI unless it was pursuant to a valid request.The laboratory technician faxed information to a physician's office that was different than the physician's office the patient requested.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280