Privacy Violations Result in 8 Fines

Hospitals Get Sanctions Under Tough California Laws
Privacy Violations Result in 8 Fines
The California Department of Public Health has fined seven hospitals a total of more than $790,000 for eight incidents that involved failing to protect the privacy of patient medical information.

The fines for health information breach incidents last year are the result of state laws passed in 2008 that set some of the nation's toughest penalties for patient privacy violations.

At the federal level, the HITECH Act increased penalties for violations of the HIPAA privacy and security rules. The hospitals fined are:

  • Kern Medical Center, Bakersfield, fined $250,000 as a result of the theft of 596 patients' lab test documents from an unlocked locker. The hospital also was fined $60,000 for an incident regarding unauthorized access to information about one emergency room patient by two employees.
  • Pacific Hospital of Long Beach fined $225,000 for an identity theft incident that involved an employee gaining unauthorized access to information on nine patients.
  • Kawaeah Manor Convalescent Hospital, Visalia, fined $125,000 for an identity theft incident that involved an employee gaining unauthorized access to information on five patients.
  • Delano Regional Medical Center, fined $60,000 after an employee who was not authorized accessed the records of a relative.
  • Children's Hospital of Orange, fined $25,000 when an unauthorized employee accessed the records of a child of a co-worker.
  • Oroville Hospital fined $42,5000 after an employee discussed a patient's case with others on her cell phone and on the social networking site My Space.
  • Biggs Gridley Memorial Hospital, Gridley, fined $5,000 after two unauthorized employees viewed the record of a fellow employee who was hospitalized.

In June, the department reported fines against five hospital totaling $675,000 for health information breaches. And in September, another hospital announced it was appealing a $250,000 state fine related to tardy notification about a breach.

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.