Five California Hospitals Fined for Breaches of Patient Records

On June 10, the California Department of Public Health (CDPH) fined five California hospitals a total of $675,000 after determining that the facilities failed to prevent unauthorized access to confidential patient medical records.

“Medical privacy is a fundamental right and a critical component of quality medical care in California,” said Mark Horton, MD, director of CDPH. “We are very concerned with violations of patient confidentiality and their potential harm to the residents of California.”

The hospitals have 10 business days to submit a plan of correction to the state, and must implement it to prevent future incidents. They can also request an appeal hearing within 10 days of notification.

The penalties were imposed under two California laws passed in 2008 to protect the confidentiality of medical records. CDPH has determined that the hospitals failed to prevent unauthorized access to patient medical information, as required by Section 1280.15 of the Health and Safety Code.

An administrative penalty of $25,000 may be assessed against a facility for the breach of each patient’s medical information, along with $17,500 for each subsequent breach.

All hospitals in California are required to be in compliance with applicable state and federal laws and regulations governing general acute care hospitals. The hospitals are required to comply with these standards to ensure quality of care.

Hospitals receiving penalties include: Community Hospital of San Bernardino; Enloe Medical Center in Chico; Rideout Memorial Hospital in Marysville; Ronald Reagan UCLA Medical Center in Los Angeles; and San Joaquin Community Hospital in Bakersfield.