7 California Hospitals Fined For Privacy Breaches
LOS ANGELES (AP) — Kern Medical Center in Bakersfield has been fined $250,000 for allegedly keeping patient records in an outside, unlocked locker, allowing for the theft of 596 patient records in 2009.
The fine is the biggest of eight penalties issued to seven hospitals by the California Department of Public Health on Friday. In total, the state issued $792,500 in fines.
According to state inspectors, for several months in 2009 a Kern Medical Center staffer placed the daily lab reports in the broken locker outside the hospital until they were stolen one night.
The stolen records contained personal information, including names, social security numbers and medical test results for 596 patients.
Kern Medical Center CEO Paul Hensler said an employee faced disciplinary action for the breach, which he thinks the Halloween night disappearance of the records was the work of pranksters robbing the mailbox-like locker, not identity thieves.
The hospital notified all patients who could have been affected, and the hospital has received no complaints, he said.
Hensler added that the ultimate irony of the theft is the practice of walking records from one building to another was unecessary, a relic of a time before electronic records existed at the hospital, which allow for inter-department file sharing. The practice has been discontinued and the hospital was evaluated for other reporting redundancies.
The hospital was also fined $60,000 after a staffer told another staffer that her son was in the emergency room. Both staffers pulled up the patient’s records. Hensler said the “struggling county hospital” hopes to appeal that fine because, though it was wrong, it was not akin to selling a celebrity patient’s medical information to a tabloid.
The law governing privacy fines in hospital was signed in 2008 by Gov. Arnold Schwarzenegger after his wife, Maria Shriver, had her records breached, along with other celebrities, at UCLA Medical Center.
The fines are capped at $250,000 per reported event. Hospitals have 10 days to appeal the fines or they can provide a plan of corrective action.
Other fines issued Friday:
- $225,000: Pacific Hospital of Long Beach in Los Angeles County after an employee accessed and used nine patients’ medical information.
- $125,000: Kaweah Manor Convalescent Hospital in Tulare County after an employee accessed and used medical information of five patients.
- $60,000: Delano Regional Medical Center in Kern County after one patient’s medical information was disclosed by an employee on three occasions.
- $42,500: Oroville Hospital in Butte County after one patient’s medical information was disclosed by an employee on two occasions.
- $25,000: Children’s Hospital of Orange in Orange County after one patient’s medical information was accessed by one employee.
- $5,000: Biggs Gridley Memorial Hospital in Butte County after two employees accessed a patient’s information on three occasions.
(© Copyright 2010 The Associated Press. All Rights Reserved. This material may not be published, broadcast, rewritten or redistributed.)