Six California hospitals, one nursing home fined for patient privacy breaches

State officials have fined six California hospitals and a nursing home for failing to prevent unauthorized access to confidential patient medical information, according to a report made public Friday.

California Department of Public Health officials have required all the facilities — which may appeal the fines — to submit plans to correct the problems.

Pacific Hospital of Long Beach was fined $225,000 after an investigator found that in October 2009 an unauthorized technician accessed medical information of nine patients, including psychiatric and emergency room patients, and later admitted to police that she used the information to open fraudulent accounts with Verizon. The technician was later arrested, according to the investigator’s report.


Children’s Hospital of Orange County was fined $25,000 after an employee accessed the medical records of a co-worker’s child without authorization in February 2009.

Two hospitals in Kern County were also fined.

Kern Medical Center in Bakersfield was fined twice for a total of $310,000 after 596 patients’ medical information was stolen in October 2009 from an unlocked outdoor storage locker and, separately, two employees gained unauthorized access to a patient’s medical information and disclosed it on three occasions in August 2009.

Delano Regional Medical Center was fined $60,000 after an employee gained unauthorized access to her sister-in-law’s medical records on three occasions in October 2009.

Regulators also fined two hospitals in Northern California. Biggs Gridley Memorial Hospital in Butte County was fined $5,000 after two employees gained unauthorized access to a co-worker’s medical information three times in March 2009. Oroville Hospital, also in Butte County, was fined $42,500 after an employee talked about a patient’s hospitalization on her cellphone in the emergency room and posted information about the hospitalization on MySpace starting in December 2008.

Kaweah Manor Convalescent Hospital in Tulare County was fined $125,000 after an unauthorized physical therapy assistant accessed and used five patients’ medical information in July 2009. He was later arrested in connection with alleged identity theft.

None of the facilities had been previously fined for privacy breaches.

The fines issued Friday came under a state law enacted in 2008 after widely publicized violations of patient privacy at Ronald Reagan UCLA Medical Center involving Farrah Fawcett, singer Britney Spears, Maria Shriver and other celebrities.

Last year, California public health officials issued the first penalty under the privacy law, fining Kaiser Permanente’s Bellflower hospital $437,500 for failing to prevent employees from snooping in the medical records of Nadya Suleman after she gave birth to octuplets.

By law, medical facilities may be fined $25,000 for the first breach and $17,500 for each subsequent breach of a patient’s medical information.

Facilities can appeal but are required to submit a plan of correction to the state Public Health Department within 10 days to prevent future incidents.