Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
EISENHOWER MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on July 24, 2014. Also cited in 279 other reports.
Report ID: 7B4L11.01, California Department of Public Health
Reported Entity: EISENHOWER MEDICAL CENTER
Issue:
Based on interview and record review, the facility failed to prevent the unauthorized access and/or disclosure of Patient A's private health information (PHI), when a form containing the patient's name and surgery itinerary was inadvertently mailed to Patient B. This had the potential to result in the misuse of Patient A's private health information.Findings:On July 24, 2014, at 11:45 a.m., an investigation was conducted on this entity reported incident. On July 24, 2014, at 11:45 a.m., the facility Deputy Information Privacy Officer (DIPO) was interviewed. The DIPO stated on July 24, 2014, at 11:45 a.m., a form containing Patient A's name and surgery itinerary was inadvertently mailed to the incorrect address. The unintended recipient notified the facility of the error and agreed to return the document. The DIPO stated the form contained Patient A's name, appointment surgery schedule, name of surgery, and pre-surgery preparation instructions. The DIPO stated Worker B sent Patient A's information to the same office printer that Worker A was using. Worker A gather up papers from that printer and combined another patients records with Patient A's.On July 24, 2014, a record review was conducted of a letter sent to the Department dated July 23, 2014, received at 2:20 p.m. The letter indicated, "A form containing the patient's name and surgery itinerary was inadvertently mailed to the incorrect address. The unintended recipient notified (the facility-name withheld) of the error and agreed to return the document.On July 24, 2014, a record review was conducted of the facility policy titled, HIPPA (Health Insurance Portability and Accountability Act), Use and Disclosure of Protected Health Information," dated, December 19, 2011. The policy indicated, "It is the policy of (the facility) that the confidentiality of protected health information contained in records and collected pursuant to treatment will be protected to the fullest extent."
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280