On Thursday, the California Department of Public Health fined five hospitals a total of $675,000 for failing to prevent unauthorized access to confidential patient medical records, the Sacramento Bee reports (Calvan, Sacramento Bee, 6/11).
The hospitals that received fines are:
- Community Hospital of San Bernardino, which received $325,000 in total penalties for two separate fines: a $250,000 fine for failing to prevent an employee from accessing data on 204 patients and a $75,000 fine for a breach of three patients' records (Central Valley Business Times, 6/10);
- Enloe Medical Center in Chico, which received a $130,000 fine after a patient's information was accessed by seven employees;
- Rideout Memorial Hospital in Marysville, which received a $100,000 fine after 33 patient files were breached by 17 employees (AP/San Francisco Chronicle, 6/10);
- Ronald Reagan UCLA Medical Center in Los Angeles, which received a $95,000 fine for breaches that sources indicate are related to the medical records of deceased pop singer Michael Jackson (Hennessy-Fiske, Los Angeles Times, 6/11); and
- San Joaquin Community Hospital, which received a $25,000 fine for a breach of three patients' medical records (Bakersfield Californian, 6/10).
The hospitals have 10 working days to submit a plan of correction to the state. The facilities also can request an appeal hearing within 10 days of notification (Central Valley Business Times, 6/10).
History of Patient Privacy Fines
The fines were imposed under two 2008 California laws. One of the laws created the California Office of Health Information Integrity, which investigates and fines facilities that violate patient privacy regulations (Mitchell, Chico Enterprise-Record, 6/11).
California law allows regulators to administer fines of $25,000 for the first breach and $17,500 for each subsequent violation involving the same patient, with a maximum penalty of $250,000 (Clark, HealthLeaders Media, 6/11).
Kathleen Billingsley, deputy director of DPH's Center for Health Care Quality, said the department has received reports of more than 3,700 patient confidentiality breaches between the law's enactment on Jan. 1, 2009, and May 31, 2010 (Hines, Riverside Press-Enterprise, 6/10). Regulators have issued eight fines to six hospitals for a total of $1.1 million in penalties. So far, no hospital has appealed the fines (Los Angeles Times, 6/11).
Billingsley said the collected fines go into a fund that is earmarked for improving health care quality. She added that she hopes the funds eventually will be used to strengthen privacy protections for patient medical information (HealthLeaders Media, 6/11).