September 20, 2018
Data Breaches Are Just “Fines” with California Department of Public Health
Posted May 15, 2015
California Department of Public Health Has Levied over $1.1 Million in Fines So Far This Year
Not halfway through 2015, the California Department of Public Health (DPH) has hit six hospitals and two healthcare providers with $1.1 million in fines for putting patients’ data at risk in incidents that occurred as far back as 2010. Considering that the online healthcare publication Payers & Providers says that DPH caps the fines it assesses at $250,000, the amount of the fines might have been considerably higher.
A piece on californiahealthline.org details the amounts each healthcare organization was fined for lost or stolen patient data that was inadequately secured or for inappropriate access to records by employees. The following has been excerpted from the californiahealthline.org story and edited to fit our format. You may find the full article by clicking on this link.
Reason for fines and amount assessed according to Payers & Providers:
- $250,000 fine against San Francisco General Hospital for a 2011 incident in which an employee accessed 98 patients’ records without prior authorization
- $250,000 fine against Huntington Memorial Hospital for a 2012 incident in which an employee accessed the records of 17 patients
- $244,500 fine against Vale Healthcare Center for a 2013 incident in which a patient’s family member stole the records of 219 patients
- $150,000 fine against Accent Home Healthcare for a 2013 incident in which the data of six patients was stolen from an employee’s car
- $95,000 fine against Arrowhead Regional Medical Center for a 2011 incident in which a clerk accessed her husband’s medical records
- $92,500 fine against Redlands Community Hospital for a 2010 incident in which three employees accessed the data of three separate employees who were being treated at the hospital
- $25,000 fine against Torrance Memorial Medical Center for a 2011 breach of privacy incident in which two employees played a prank on another employee who had undergone surgery at the hospital
- $6,000 fine against Colusa Regional Medical Center for a 2011 incident in which two nurses accessed a patient’s records