Friday, June 11, 2010

Five California Hospitals Fined for Patient Privacy Breaches

http://www.cdph.ca.gov/Pages/NR10-039.aspx



CALIFORNIA DEPARTMENT OF PUBLIC HEALTH ISSUES PRIVACY BREACH FINES TO FIVE CALIFORNIA HOSPITALS
Date: 6/10/2010

Number: 10-039

Contact: Al Lundeen (916) 440-7259

SACRAMENTO


The California Department of Public Health (CDPH) announced today that five California hospitals have been assessed administrative penalties and fines totaling $675,000 after a determination that the facilities failed to prevent unauthorized access to confidential patient medical information.

“Medical privacy is a fundamental right and a critical component of quality medical care in California,” said Dr. Mark Horton, director of CDPH. “We are very concerned with violations of patient confidentiality and their potential harm to the residents of California.”

The following hospitals received penalties:

1. Community Hospital of San Bernardino, San Bernardino, San Bernardino County: The hospital was assessed a $250,000 fine after the facility failed to prevent unauthorized access of 204 patients’ medical information by one employee.

2. Community Hospital of San Bernardino, San Bernardino, San Bernardino County: The hospital was assessed a $75,000 fine after the facility failed to prevent unauthorized access of three patients’ medical information by one employee.

3. Enloe Medical Center, Chico, Butte County: The hospital was assessed a $130,000 fine after the facility failed to prevent unauthorized access of one patient’s medical information by seven employees.

4. Rideout Memorial Hospital, Marysville, Yuba County: The hospital was assessed a $100,000 fine after the facility failed to prevent unauthorized access of 33 patients’ medical information by 17 employees.

5. Ronald Reagan UCLA Medical Center, Los Angeles, Los Angeles County: The hospital was assessed a $95,000 fine after the facility failed to prevent unauthorized access of one patient’s medical information by four employees.

6. San Joaquin Community Hospital, Bakersfield, Kern County: The hospital was assessed a $25,000 fine after the facility failed to prevent unauthorized access of three patients’ medical information by two employees.

CDPH has assessed the penalties to these facilities under new legislation intended to protect the confidentiality of medical records. CDPH has determined that the hospitals failed to prevent unauthorized access to patient medical information, as required by Section 1280.15 of the Health and Safety Code.

An administrative penalty of $25,000 may be assessed against a medical facility for the breach of each patient’s medical information. A penalty of up to $17,500 is added for each subsequent breach of each patient’s medical information.

Facilities are required to submit a plan of correction to CDPH within 10 working days and implement a plan of correction to prevent future incidents. Facilities can appeal an administrative penalty by requesting a hearing within 10 calendar days of notification. If a hearing is requested, the penalties are to be paid if upheld following appeal.

All hospitals in California are required to be in compliance with applicable state and federal laws and regulations governing general acute care hospitals. The hospitals are required to comply with these standards to ensure quality of care.

In 2008, Governor Arnold Schwarzenegger signed legislation, SB 541 and AB 211, to improve patient privacy laws and to address breaches of confidential information.

SB 541 by Senator Elaine Alquist (D-Santa Clara) sets health facility fines for privacy breaches and increases the fines for serious medical errors in hospitals. The new law ensured that health care providers face real consequences when they fail to protect patients. For facilities, fines for disclosing private medical information range up to $250,000 per reported event.

AB 211 by Assemblymember Dave Jones (D-Sacramento) requires health providers to prevent unlawful access, use or disclosure of patients' medical information and hold health care providers and other individuals accountable for ensuring the privacy of patients.

No comments:

Post a Comment