EISENHOWER MEDICAL CENTER

Report ID: 6ECP11.01, California Department of Public Health

Reported Entity: EISENHOWER MEDICAL CENTER

Issue:

Based on interview and document review, the facility failed to ensure their (PHI) Protected Health Information was not disclosed to any entity not authorized to receive the information. This failed practice resulted in unauthorized access to Patient A's demographic information, and medical records.Findings:An interview was conducted with the Facility Privacy Officer (FPO), on January 14, 2013, at 10 a.m. The FPO stated the breach occurred on December 12, 2012. The FPO stated a fax was sent to the wrong location. The fax included Patient A's mammogram results. The fax was received by a retired physician, who notified his friend who was a member of the management team at the hospital. The FPO stated the physician's phone number should not have been in the hospital's faxing system. The FPO stated the technician should have verified the Physician's name and phone number prior to faxing the test results. The facility's policy and procedure titled, "HIPPA-Use and Disclosure of Protected Health Information," was reviewed. The policy indicated, "It is the policy of [name of hospital] that the confidentiality of Protected Health Information contained in records and collected pursuant to treatment will be protected to the fullest extent possible. To maintain this confidentiality EMC staff may not disseminate PHI..."The facility failed to ensure Patient A's Protected Health Information was not disclosed to any entity not authorized to receive the information.

Outcome:

Deficiency cited by the California Department of Public Health: Health & Safety Code 1280

Related Reports:

2 other violations reported on the same date. Note that other citations may be about the same event: LMUC11.01, LMUC11.02