DPH Has Levied $1.1M in Fines This Year Over Data Breaches
The California Department of Public Health so far this year has levied more than $1.1 million in fines against various health care providers and hospitals for data breaches, Payers & Providers reports.
DPH usually caps total fines at $250,000, according to Payers & Providers.
Details of Fines
In total, DPH has fined six hospitals and two health care providers.
According to records, the breaches typically were the result of:
- Lost or stolen patient data that was inadequately secured; and
- Inappropriate access to records by employees.
The penalties included a:
- $250,000 fine against San Francisco General Hospital for a 2011 incident in which an employee accessed 98 patients' records without prior authorization;
- $250,000 fine against Huntington Memorial Hospital for a 2012 incident in which an employee accessed the records of 17 patients;
- $244,500 fine against Vale Healthcare Center for a 2013 incident in which a patient's family member stole the records of 219 patients;
- $150,000 fine against Accent Home Healthcare for a 2013 incident in which the data of six patients were stolen from an employee's car;
- $95,000 fine against Arrowhead Regional Medical Center for a 2011 incident in which a clerk accessed her husband's medical records;
- $92,500 fine against Redlands Community Hospital for a 2010 incident in which three employees accessed the data of three separate employees who were being treated at the hospital;
- $25,000 fine against Torrance Memorial Medical Center for a 2011 breach of privacy incident in which two employees played a prank on another employee who had undergone surgery at the hospital; and
- $6,000 fine against Colusa Regional Medical Center for a 2011 incident in which two nurses accessed a patient's records (Shinkman, Payers & Providers, 5/7).