Hospital Fined $250,000 For Late Reporting of Data Breach
This story was updated on September 10th.
Lucile Salter Packard Children's Hospital at Stanford University has been fined $250,000 by California health officials for failing to report within five days a breach of 532 patient medical records in connection with the apparent theft of a hospital computer by an employee.
Under state law, that amount is the maximum penalty allowed for failing to report such an incident, according to spokesman for the California Department of Public Health, Ralph Montano. The penalty is assessed at the rate of $100 for every day of delayed reporting after the first five days for each patient medical record that was breached, he said.
These failure-to-notify penalties are unique in the country, according to officials for the National Academy for State Health Policy. So far, state health officials have issued more than $1.8 million in fines against 143 hospitals that failed to report an adverse event or breach of a medical record, a wrong-site surgery or a foreign object left inside a surgical patient.
State officials on Thursday released a document, called a "2567," summarizing the results of the state's investigation of the Lucile Packard incident. It said an unauthorized hospital employee and her husband, another employee, were observed Jan. 5 in the hospital's Heart Center removing a computer that contained protected health information on 532 patients.
- The Secret to Physician Engagement? It's Not Better Pay
- Two-Midnight Rule Must be Fixed or Replaced, Say Providers
- Hospital Groups Strike Back at Hospital Rating Systems
- AHIP: Enormity of HIX Challenges Sinks In
- Don't Underestimate Emotional Intelligence
- 4 Reasons PCMH Principles Aren't Going Away
- Yale New Haven Health Partners with Tenet Healthcare in CT
- Evidence-Based Practice and Nursing Research: Avoiding Confusion
- Care Coordination Tough to Define, Measure
- SCOTUS Review of NC Board Case 'A Very Big Deal' to Providers