Commentary

George Hulme
 
See more from this author

California Does Health Care Data Breaches Right

Since this spring, the California Department of Public Health has fined 12 health facilities about $1.5 million as a result of data breaches. Let's hope they keep fining organizations that fail to properly protect patient data.

| George Hulme | December 07, 2010 07:35 PM

Since this spring, the California Department of Public Health has fined 12 health facilities about $1.5 million as a result of data breaches. Let's hope they keep fining organizations that fail to properly protect patient data.If you've been reading my posts long enough, you know that I consider health care data breaches much worse on consumers that credit card breaches. With credit card breaches most users are held liable for $50 - if that - and fraudulent transactions can be cleaned up pretty quickly. Not always so with private health care data - once confidential information is spilled onto the Internet, it can't be put back into the bottle. Friends, co-workers, family members, and potential employers may forever know what was supposed to be kept confidential.

That's why when clicking through my normal blog and news reading last night, I was happy to read the post California Department of Public Health Continues to Fine Hospitals and Nursing Homes for Data Breaches that detailed the million and a half in fines as a result of Californian Health and Safety Code 1280.15(a) that requires health facilities to properly protect patient data:


More Security Insights

White Papers

More >>

Reports

More >>

Webcasts

More >>

Violations of this requirement can result in penalties of up to $25,000 per patient and up to $17,500 per subsequent occurrences of unlawful or unauthorized access, use or disclosure of that patients medical information.

In its most recent wave of penalties, announced November 19, 2010, CDPH assessed fines totaling $792,500 against six hospitals and one nursing home that it determined failed to prevent unauthorized access to confidential patient medical information. In one case, a health facility was fined $310,000:

$60,000 because the facility failed to prevent unauthorized access and disclosure of one patient's medical information by two employees on three occasions.

$250,000 because the facility failed to prevent the theft of 596 patients' medical information

Not only does California have this consumer protection law on their books, they're actively enforcing it. So, just as California set an important path with SB 1383 in 2003 - which sent into motion the legislatures in most states to follow suit - let's hope the state is setting another example that many more states will emulate.

For my security and technology observations throughout the day, follow me on Twitter.


, join the conversation

Related Reading

News

More News»

Most Popular

More Popular»

Commentary

More Commentary»

On the Web

More On The Web»

Video

More Videos»

Slideshow

More Slideshows»


Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

InformationWeek encourages readers to engage in spirited, healthy debate, including taking us to task. However, InformationWeek moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. InformationWeek further reserves the right to disable the profile of any commenter participating in said activities.

Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.
T-Shirt Giveaway T-Shirt Giveaway: Each week we're selecting one great comment from our readers. The author of the comment will receive an InformaitonWeek Community t-shirt. So get posting!
Subscribe to RSS

Resource Links