Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
EISENHOWER MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on September 20, 2013. Also cited in 279 other reports.
Report ID: 8CIW11.01, California Department of Public Health
Reported Entity: EISENHOWER MEDICAL CENTER
Issue:
Based on interview and document review, the facility failed to ensure that three patients' (Patient B, C, D) Protected Health Information (PHI) was not disclosed to any entity not authorized to receive the information. This failed practice resulted in unauthorized access to Patients' demographic information and medical records.Findings:An unannounced visit was made on September 20, 2013, to investigate a facility self reported breach incident. On September 20, 2013, at 1:30 p.m., an interview was conducted with the compliance officer, and quality director. The compliance officer stated the hospital became aware of the breach on August 27, 2013, when they received a phone call from a physician's office to report the incident. The compliance officer stated Patient A was discharged from the hospital on August 23, 2013. The nurse had Patient A's SBAR (Situation Assessment Background Recommendations), along with three other patients' SBAR with her when she entered Patient A's room, to give Patient A discharge instructions. The nurse left Patient A's discharge instructions on the bedside table, but also left her SBAR notes (The RN's notes for all the patients on her assignment), on the bedside table by mistake. The Patient then picked up her discharge instructions along with the other patients' SBAR forms. Patient A did not realize she had the other patients' medical information until she went to her physician's appointment on August 27, 2013. When the physician asked Patient A what mediations had been given at the hospital, the patient showed the physician the documents that had been given to her when discharged from the hospital. At that moment, it was discovered Patient A had medical records for three other patients (Patient B,C,and D). The physician's office then called the hospital to report the breach of patients' protected health information.The facility's policy and procedure titled, "Information Privacy," was reviewed. The policy indicated the hospital, "will take all necessary steps to avoid unauthorized or unlawful access, use or disclosure of protected health information..."The facility failed to ensure Patient B, C and D's Protected Health Information was not disclosed to any entity not authorized to receive the information, resulting in the unauthorized access to the patients' demographic information and medical records.
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280