Privacy & Information Security Law Blog

Kaiser Permanente Bellflower Hospital has again been penalized for failing to prevent unauthorized access to confidential patient information.  On July 16, 2009, the California Department of Public Health announced that it had levied administrative penalties totaling $187,500 on the hospital after it was determined that eight Kaiser employees had compromised the privacy of four patients' medical information.  On May 14, 2009, the same facility was fined $250,000 -- the maximum allowable penalty under the new state health privacy provisions that came into effect on January 1st -- for violations related to unauthorized employee access to the medical records of Nadya Suleman.  The latest fine included a $25,000 penalty for each of four patients whose medical records allegedly were breached, plus $17,500 per incident for five subsequent alleged breaches of those medical records after the first.

The new fine was issued 45 business days after the Department of Health's original Administrative Penalty notice to Kaiser.  As part of the first enforcement action, Kaiser was required to submit a plan of corrective action within 15 days of the issuance of the Department's statement of deficiencies, and "immediate correction" of the problems was to occur within 30 days of the exit interview.  The July 16 follow-up fine seems to demonstrate a willingness on the part of the Department to ensure that the terms of its enforcement actions are followed to prevent further harm to the privacy of California patients.

For more on the May 14, 2009 enforcement against Kaiser, click here.