Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
Enloe Medical Center
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on July 17, 2012. Also cited in 8 other reports.
Report ID: 2B5111, California Department of Public Health
Reported Entity: ENLOE MEDICAL CENTER
Issue:
Based on interview and record review, the facility failed to safeguard confidential health information for one patient (Patient 2). This failure resulted in the unauthorized disclosure of confidential health information outside the facility. Findings:During a concurrent interview and record review on 7/19/12 at 1:10 pm, information received from the facility, was reviewed with Privacy Officer A, who related the following:On 3/5/12 at 5 am, the facility discovered that Patient 2's personal health information had been electronically sent via text, by Phlebotomy Technician (Phleb Tech) B to Patient 2, and Phleb Tech C. Patient 2 was admitted to the emergency department on 2/25/12, at 12 am. Phleb Tech B performed a diagnostic test on Patient 2's spinal fluid. At 2:38 pm that afternoon, Phleb Tech B texted Patient 2, "hope you feel better, I'm doing your culture right away and I am wishing you well." On 3/1/12, Patient 2 was approached by Phleb Tech C and stated that Phleb Tech B had texted her on 2/25/12 and informed her that Patient 2 was in the hospital. Phleb Tech C asked Patient 2 whether "it was ok for her to be walking around without a mask on." Patient 2 reported the incident to her manager on 3/5/12 at 5 am. Patient 2's information that had been disclosed included that she was hospitalized and potential diagnosis related to the type of lab tests that were ordered and processed. Phleb Tech C had not been involved in Patient 2's care and her duties did not include reviewing Patient 2's lab orders. During an interview on 7/19/12 at 3 pm, Phleb Tech B confirmed she texted health information to both Patient 2 and Phleb Tech C. She stated she did this because they were all friends and she was concerned about Patient 2. An undated policy titled, "Confidentiality and Security of Medical Information" was reviewed. It read as follows: "6. Act as responsible information stewards and treat all individual medical record data and related financial, demographic, and lifestyle information as sensitive and confidential. A. Treat all individual medical record data as confidential in accordance with professional ethics, accreditation standards, and legal requirements."
Outcome:
Fine imposed and deficiency cited by the California Department of Public Health: Health & Safety Code 1280