Regulators Fine 7 Calif. Health Facilities Over Patient Data Breaches
On Nov. 19, the state regulators announced that seven California health facilities have received fines for failing to prevent breaches of confidential patient medical information, the Los Angeles Times reports (Hennessy-Fiske, Los Angeles Times, 11/19).
In total, the California Department of Public Health issued $792,500 in fines.
Under a 2008 state law, health care facilities can receive a $25,000 fine for an initial breach and a $17,500 fine for each subsequent breach of a patient's medical data. Fines are capped at $250,000 for each reported event (Mohajer, AP/San Jose Mercury News, 11/19).
Small, rural or critical access facilities can receive reduced penalties under a special provision of the law (Clark, HealthLeaders Media, 11/22).
Latest Penalties
The facilities that received fines are:
- Biggs Gridley Memorial Hospital, which received a $5,000 fine;
- Children's Hospital of Orange County, which received a $25,000 fine;
- Delano Regional Medical Center, which received a $60,000 fine;
- Kaweah Manor Convalescent Hospital, which received a $125,000 fine;
- Kern Medical Center in Bakersfield, which received two fines totaling $310,000;
- Oroville Hospital, which received a $42,500 fine; and
- Pacific Hospital of Long Beach, which received a $225,000 fine.
None of the facilities have previously received fines for patient data breaches.
Follow-Up Action
Penalized health care facilities must submit plans to prevent future data breach incidents within 10 days of receiving notification about a fine. The facilities also can appeal the penalties (Los Angeles Times, 11/19).
DPH plans to seek public comment on its privacy regulations in December (Gallegos, Los Angeles Daily Journal, 11/22).
Additional Coverage
Headlines and links to other coverage of the recent data breach fines are provided below.
- "Five Central Valley Health Facilities Fined by State for Privacy Breaches" (Central Valley Business Times, 11/19).
- "Two Butte County Hospitals Fined by State" (Chico Enterprise-Record, 11/20).
- "County Hospital Fined $310,000 for Privacy Breaches" (Mayer, Bakersfield Californian, 11/19).
- "CHOC Fined for Patient Security Breach" (Perkes, Orange County Register, 11/19).
- "Calif. Hospitals Fined for Snooping Problems" (Vesely, Modern Healthcare, 11/19).