Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
EISENHOWER MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on August 6, 2015. Also cited in 279 other reports.
Report ID: S7RS11.01, California Department of Public Health
Reported Entity: EISENHOWER MEDICAL CENTER
Issue:
Based on interview and record review, the facility failed, for two patients (Patient B and C), to prevent the unauthorized disclosure of the patients' Private Health Information (PHI), when a Case Manager provided the patients' face sheet to a cab driver. This failure had the potential for the misuse of the patients' information.Findings:A telephone investigation was conducted on August 6, 2015, at 2 p.m., with the facility's Information Privacy Officer (IPO). The IPO stated on July 2, 2015, the facility became aware a Case Manager had given a patient's face sheet (a document with patient demographic information and medical diagnoses) to a cab driver, at the time of the patient's discharge. The IPO stated the facility became aware of the breach, when a payment voucher was returned to the facility with a patient's facesheet attached. The IPO stated during the investigation, the facility became aware that Patient B and C's information had been released. The IPO stated, "This was a breach as the cab driver did not need all of the information." A copy of the letter sent to Patient B, by the facility, indicated: "...one of our case managers handed the cab driver a piece of paper that contained you name and address- but, also contained your insurance and other identifying information like your date of birth, social security number, gender and marital status..."A copy of Patient B's facesheet was reviewed. The facesheet contained Patient B's demographic information and admitting diagnosis. A copy of the letter sent to Patient C, by the facility, indicated: "...one of our case managers handed the cab driver a piece of paper that contained you name and address- but, also contained your insurance and other identifying information like your date of birth, social security number, gender and marital status..."A copy of Patient C's facesheet was reviewed. The facesheet contained Patient C's demographic information and admitting diagnosis.The facility policy and procedure titled "Information Privacy" reviewed/revised April 2, 2015, indicated the following: "... (facility name) will take all necessary steps to avoid unauthorized or unlawful access, use or disclosure of protected health information ...unauthorized or unlawful disclosure: is the release, transfer, provision of access to, or providing in any other manner of PHI outside of the organization, to parties without a treatment, payment, or hospital administrative purpose..."
Outcome:
Deficiency cited by the California Department of Public Health: Health and Safety Code 1280.15