Six California hospitals fined for medical record security breaches
State officials have fined six California hospitals and a nursing home for failing to prevent unauthorized access to confidential patient medical information, according to a report made public Friday.
California Department of Public Health officials have required all facilities — which may appeal the fines — to submit plans to correct the problems.
Pacific Hospital of Long Beach was fined $225,000 after an unauthorized technician in October 2009 accessed nine patients’ medical information, including psychiatric and emergency room patients, and later admitted to police she used the information to open fraudulent accounts with Verizon, an investigator found.
The technician was later arrested, according to the investigator’s report.
Children’s Hospital of Orange County was fined $25,000 after an employee in February 2009 accessed the medical records of a co-worker’s child without authorization.
Separately, two employees gained unauthorized access in August 2009 to a patient’s medical information and disclosed it on three occasions.
Delano Regional Medical Center was fined $60,000 after an employee gained unauthorized access to her sister-in-law’s medical records on three occasions in October 2009.
Regulators also fined two hospitals in Northern California. Biggs Gridley Memorial Hospital in Butte County was fined $5,000 after two employees gained unauthorized access to a co-worker’s medical information three times in March 2009. Oroville Hospital, also in Butte County, was fined $42,500 after an employee talked about a patient’s hospitalization on her cellphone in the emergency room and posted information about her hospitalization on MySpace starting in December 2008.
Kaweah Manor Convalescent Hospital in Tulare County was fined $125,000 after an unauthorized physical therapy assistant accessed and used five patients’ medical information in July 2009. He was later arrested in connection with alleged identity theft.
None of the facilities had been previously fined for privacy breaches.
The fines issued Friday came under a state law enacted in 2008 after widely publicized violations of patient privacy at UCLA involving Farrah Fawcett, singer Britney Spears, Maria Shriver and other celebrities.
Last year, California public health officials issued the first penalty under the privacy law, fining Kaiser Permanente's Bellflower hospital $437,500 for failing to prevent employees from snooping in the medical records of Nadya Suleman after she gave birth to octuplets.
By law, medical facilities may be fined $25,000 for the first breach and $17,500 for each subsequent breach of a patient’s medical information. Facilities can appeal, but are required to submit a plan of correction to the state public health agency within 10 days to prevent future incidents.
-- Molly Hennessy-Fiske