Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
EISENHOWER MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on November 25, 2014. Also cited in 279 other reports.
Report ID: U5OU11.01, California Department of Public Health
Reported Entity: EISENHOWER MEDICAL CENTER
Issue:
Based on interview and record review, the facility failed to prevent unauthorized disclosure of protected health information (PHI) for three patients (Patients 1, 2, and 3) when a Case Manager (CM) electronically transmitted medical records to payers (insurance companies) who were not responsible for their health coverage. This failed practice resulted in unauthorized persons having access to PHI for Patients 1, 2, and 3, and the potential for physical, emotional, and financial harm.Findings:During an interview with the facility Privacy Officer (PO) on November 25, 2014, at 2:15 p.m., the PO stated on November 7, 2014, a CM was electronically transmitting medical record information to health plans/payers for multiple patients. According to the PO, every time the CM opened a record and transmitted it, the record had to be closed prior to opening and transmitting the next record. The PO stated when information was transmitted to the payers electronically, all of the open records would be attached and sent to the payer, whether they represented the patient or not. The PO stated the CM did not close the records for Patients 1, 2, and 3 prior to opening the next patient and transmitting information, so information for Patients 1, 2, and 3 were sent to payers who were not responsible for their health coverage, and did not have a need to know any of their PHI. 1. The records for Patient 1, transmitted to three separate payers who were not responsible for his health coverage, were reviewed on November 25, 2014. The records contained the following PHI:a. Name;b. Address;c. Telephone number;d. Birthdate;e. Sex;f. Social security number;g. Marital status;h. Spouse's name;i. Diagnosisj. Physician's name;k. Insurance coverage;l. Vital signs;m. Procedures performed;n. Laboratory results;o. X-ray results;p. Medications;q. Medical history; and,r. Daily condition/progress during hospital stay.2. The records for Patient 2, transmitted to two separate payers who were not responsible for her health coverage, were reviewed on November 25, 2014. The records contained the following PHI:a. Name;b. Address;c. Telephone number;d. Birthdate;e. Sex;f. Social security number;g. Marital status;h. Spouse's name;i. Diagnosisj. Physician's name;k. Insurance coverage;l. Vital signs;m. Procedures performed;n. Laboratory results;o. X-ray results;p. Medications;q. Medical history; and,r. Daily condition/progress during hospital stay.3. The records for Patient 3, transmitted to a payer who was not responsible for his health coverage, were reviewed on November 25, 2014. The records contained the following PHI:a. Name;b. Address;c. Telephone number;d. Birthdate;e. Sex;f. Social security number;g. Marital status;h. Spouse's name;i. Diagnosisj. Physician's name;k. Insurance coverage;l. Vital signs;m. Procedures performed;n. Laboratory results;o. X-ray results;p. Medications;q. Medical history; and,r. Daily condition/progress during hospital stay.Failure of the CM to properly use the electronic system for transmitting medical information to payers resulted in unauthorized persons having access to PHI for Patients 1, 2, and 3.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280