Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
EISENHOWER MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on November 14, 2014. Also cited in 279 other reports.
Report ID: DB8R11, California Department of Public Health
Reported Entity: EISENHOWER MEDICAL CENTER
Issue:
Based on staff interview and record review the facility failed to prevent the unauthorized access and/or disclosure of Patient 1's private health information (PHI) during the billing process. Patient 1's PHI, (billing information) was inadvertently mailed to another patient. This had the potential to result in the misuse of Patient 1's private health information.Findings:On November 14, 2014, at 8 a.m., an interview was conducted with the facility's Deputy Information Privacy Officer (DIPO). The DIPO stated, "The employee did not verify the patient's first and last name with the description of services and total charges for the procedure. The breach occurred between family members. The billing statement was shredded by the receiving family member (Patient 2)." The DIPO acknowledged the staff worker should have verified the correct name of the patient matched the billing statement and description of services before mailing the information to Patient 2.A review of the facility letter dated, November 13, 2014 sent to Patient 1 indicated on November 13, 2014 the following: "...A statement of charges containing your description of services and total charges was inadvertently mailed to the incorrect address. You (Patient 1) notified (the facility) that the statement was received in error by a family member (Patient 2) on November 6, 2014."A review was conducted of the facility policy, "Use and Disclosure of Protected Health Information," dated with revision on January 2014. The policy indicated, " ...The confidentiality of Protected Health Information contained in records and collected pursuant to treatment will be protected to the fullest extent possible." The facility failed to follow procedure with patient identifiers (example-name, date of birth, medical record number) during the billing process. This failure had the potential to result in Patient 1's misuse of PHI when it was inadvertently mailed to Patient 2.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280