Five California Hospitals Fined for Breaches of Patient Health Records

On Thursday, the California Department of Public Health fined five hospitals a total of $675,000 for failing to prevent unauthorized access to confidential patient medical records, the Sacramento Bee reports (Calvan, Sacramento Bee, 6/11).

The hospitals have 10 working days to submit a plan of correction to the state. The facilities also can request an appeal hearing within 10 days of notification (Central Valley Business Times, 6/10).

History of Patient Privacy Fines

The fines were imposed under two 2008 California laws. One of the laws created the California Office of Health Information Integrity, which investigates and fines facilities that violate patient privacy regulations (Mitchell, Chico Enterprise-Record, 6/11).

California law allows regulators to administer fines of $25,000 for the first breach and $17,500 for each subsequent violation involving the same patient, with a maximum penalty of $250,000 (Clark, HealthLeaders Media, 6/11).

Kathleen Billingsley, deputy director of DPH's Center for Health Care Quality, said the department has received reports of more than 3,700 patient confidentiality breaches between the law's enactment on Jan. 1, 2009, and May 31, 2010 (Hines, Riverside Press-Enterprise, 6/10). Regulators have issued eight fines to six hospitals for a total of $1.1 million in penalties. So far, no hospital has appealed the fines (Hennessy-Fiske, Los Angeles Times, 6/11).

Billingsley said the collected fines go into a fund that is earmarked for improving health care quality. She added that she hopes the funds eventually will be used to strengthen privacy protections for patient medical information (HealthLeaders Media, 6/11).
John Inca
This is the tip of the iceberg. The utterly shabby and illegal privacy practices of at least one major healthcare maintenance organization are going to be made very public in 2010 and 2011. No more cover ups. Period.
Norman Eisenberg
Based on this article, did you know that in December of 09 that Avmed had two lap top computers stolen with thousands upon thousands of patient records on it, and guess what, mine was one of them' Am I angry, no, i am Furious, ready to break something, because two years ago I begged them to use USB EMR's to store records, hell i even offered to provide them with 256gb USB EMRs, all they wanted and they said no. Why does it take something like this for people to realize that ON LINE STORAGE IS A LICENSE TO STEAL... You think your data is safe on Amazon, Google , Yahoo.. ha, Google's health record on line) uses a password, do you know what it is??? IT IS YOUR G MAIL ACCOUNT NAME, now how many emails have you sent out with that G mail account name all over the place. Get my point George Orwell is alive and well in the computers.. Boy was he right, on the date was different not 1984 but 2010 Whoops off by a few years.. LOOK OUT YOU MAY BE NEXT...get off line NOW

to share your thoughts on this article.