7. Pacific Hospital of Long Beach in Los Angeles County was fined $225,000 after an employee accessed information on nine patients, some of which was given to others to open up fraudulent accounts.
The employee "admitted to memorizing several patients' profiles, going home, and writing the memorized profiles on papers. She then allowed other people to use this information in order to open up fraud accounts with Verizon," according to state documents.
Kathleen Billingsley, deputy director of the California public healthdepartment's Center for HealthCare Quality, acknowledged that some of the fines "seem to be very large" in some cases involving only one incident.
But the way the law is now written, she said, the department does not have discretion. "When we get to the point when a significant number of patient's records have been accessed in an inappropriate matter, or they were available to anyone who would like to look at them because they were not secured, according to the specificity of the law, we're required to follow that."
All fines and their related documents can be accessed here.
Hospital Fined $250,000 For Not Reporting Data Breach Hospital Seeks To Terminate Five Hospital Workers For Privacy Breaches on Social Media
Six Major Patient Record Breaches Draw $675,000 In Penalties
Technology Fears, Privacy Breaches Remain Barriers for EHR Use