EISENHOWER MEDICAL CENTER

Report ID: BVAW11, California Department of Public Health

Reported Entity: EISENHOWER MEDICAL CENTER

Issue:

Based on interview and record review, the facility failed to prevent unauthorized access to PHI for seven patients (Patients 1, 2, 3, 4, 5, 6, and 7) when an employee from the billing department accessed the patient's records for personal knowledge. This failed practice resulted in the potential for physical, emotional, and financial harm to the patients.Findings:During an interview with the facility CS on August 23, 2013, at 12:10 p.m., the CS stated while an employee from the billing department was out on a LOA, her department director accessed her work computer. She stated the director noticed "questionable" e-mails between the employee and another person that prompted her to run an audit trail report (a computer report that shows every transaction that has been entered or changed, and the date and time each one occurred). The CS stated when the employee was questioned about the information obtained, she admitted she had accessed records of patients (who were also employees at the facility) to get their ages and marital status in an effort to find dates for a friend. The CS stated the employee admitted she would find female employees she thought would be good for friend to date, and then she would access their records to determine their age and marital status.The CS stated the information the employee accessed was demographic in nature, and included the following:1. Name;2. Age;3. DOB;4. Sex;5. Marital status6. Address;7. Phone number;8. SSN;9. MRN;10. Account number;11. Insurance information; and,12. Payment history.With the information accessed on these female patients, and the intention of sharing the information with a person not authorized to receive it, the employee could have caused physical, emotional, or financial harm to all seven patients.

Outcome:

Deficiency cited by the California Department of Public Health: Health & Safety Code 1280