Privacy & Information Security Law Blog

On May 14, 2009, the California Department of Public Health issued an Administrative Penalty Notice to the Kaiser Foundation Hospital — Bellflower for patient medical information privacy violations. Although the state did not identify the affected patient by name, the facts and circumstances described in the Notice correspond to the case of Nadya Suleman, the single mother of six who gave birth to octuplets at Bellflower in January 2009. The hospital was fined $250,000 for failure to prevent unlawful or unauthorized access to, or use or disclosure of, a patient’s medical information as required by new provisions recently added to California’s Health and Safety Code. California law also requires health care providers and facilities to notify the Department of any unlawful or unauthorized access to patient medical information within five days of detecting such access. These provisions were reportedly enacted in the wake of several high-profile health data compromises at California health care facilities involving celebrities such as Farrah Fawcett, Britney Spears and California first lady Maria Shriver.