California health dept fines 7 facilities for privacy breaches
The California Department of Public Health (CDPH) has assessed six California hospitals and one nursing home administrative penalties and fines totaling $792,500 after a determination that the facilities failed to prevent unauthorized access to confidential patient medical information.
The following healthcare facilities received administrative penalties:
CDPH assessed the penalties to these facilities under new legislation intended to protect the confidentiality of medical records. CDPH has determined that the hospitals failed to prevent unauthorized access to patient medical information, as required by Section 1280.15 of the Health and Safety Code. The penalties on this release are the first of their kind issued to each of these facilities, the CDPH stated.
An administrative penalty of $25,000 may be assessed against a medical facility for the breach of each patient’s medical information. A penalty of up to $17,500 is added for each subsequent breach of a patient’s medical information.
The following healthcare facilities received administrative penalties:
- Biggs Gridley Memorial Hospital, Gridley: $5,000 fine for failing to prevent unauthorized access of one patient’s medical information by two employees on three occasions.
- Children’s Hospital of Orange, Orange: $25,000 fine for failing to prevent unauthorized access of one patient’s medical information by one employee.
- Delano Regional Medical Center, Delano: $60,000 fine for failing to prevent unauthorized access and disclosure of one patient’s medical information by one employee on three occasions.
- Kaweah Manor Convalescent Hospital, Visalia: $125,000 fine for failing to prevent unauthorized access and use of five patients’ medical information by one employee.
- Kern Medical Center, Bakersfield: $60,000 fine for failing to prevent unauthorized access and disclosure of one patient’s medical information by two employees on three occasions. Kern Medical Center was assessed a separate $250,000 fine for failing to prevent the theft of 596 patients’ medical information.
- Oroville Hospital, Oroville: $42,500 fine for failing to prevent unauthorized disclosure of one patient’s medical information by one employee on two occasions.
- Pacific Hospital of Long Beach, Long Beach: $225,000 for failing to to prevent unauthorized access and use of nine patients’ medical information by one employee.
CDPH assessed the penalties to these facilities under new legislation intended to protect the confidentiality of medical records. CDPH has determined that the hospitals failed to prevent unauthorized access to patient medical information, as required by Section 1280.15 of the Health and Safety Code. The penalties on this release are the first of their kind issued to each of these facilities, the CDPH stated.
An administrative penalty of $25,000 may be assessed against a medical facility for the breach of each patient’s medical information. A penalty of up to $17,500 is added for each subsequent breach of a patient’s medical information.