On Thursday, the California Department of Public Health fined five hospitals a total of $675,000 for failing to prevent unauthorized access to confidential patient medical records, the Sacramento Bee reports (Calvan, Sacramento Bee, 6/11).
The hospitals have 10 working days to submit a plan of correction to the state. The facilities also can request an appeal hearing within 10 days of notification (Central Valley Business Times, 6/10).
History of Patient Privacy Fines
The fines were imposed under two 2008 California laws. One of the laws created the California Office of Health Information Integrity, which investigates and fines facilities that violate patient privacy regulations (Mitchell, Chico Enterprise-Record, 6/11).
California law allows regulators to administer fines of $25,000 for the first breach and $17,500 for each subsequent violation involving the same patient, with a maximum penalty of $250,000 (Clark, HealthLeaders Media, 6/11).
Kathleen Billingsley, deputy director of DPH's Center for Health Care Quality, said the department has received reports of more than 3,700 patient confidentiality breaches between the law's enactment on Jan. 1, 2009, and May 31, 2010 (Hines, Riverside Press-Enterprise, 6/10). Regulators have issued eight fines to six hospitals for a total of $1.1 million in penalties. So far, no hospital has appealed the fines (Hennessy-Fiske, Los Angeles Times, 6/11).
Billingsley said the collected fines go into a fund that is earmarked for improving health care quality. She added that she hopes the funds eventually will be used to strengthen privacy protections for patient medical information (HealthLeaders Media, 6/11).